The cost of a data breach reached an all-time high in 2022, as per research, increasing by around 12.7% within just 2 years. The cost has reached an average of USD 4.35 million per breach. 83% of organizations faced more than one data breach in 2022. This only shows how critical cybersecurity is across industries and for organizations of all sizes and types.
Cybersecurity is especially crucial for banking, financial services, healthcare, energy, etc. Why? Because these are considered critical industries, and they face some of the most expensive data breaches.
Indusface’s State of Application Security report highlighted that bot attacks predominantly targeted the banking and healthcare industries. Surprisingly, the insurance industry faced a significantly higher level of attacks, receiving 12 times more than all other industries combined.
The average data breach cost in banking and finance is the second highest among all industries, second only to healthcare.
So, what is the cost of a data breach in banking and finance? Why is it so high? Is it possible to reduce these costs? Find out in this article.
What is the Cost of a Data Breach?
The cost of a data breach is a highly misunderstood concept. Organizations often associate only the non-compliance penalties and fines or legal and post-breach costs with data breach costs. Of course, organizations must shell out significant sums of money on fines, legal fees, and post-breach costs. However, the costs go much deeper and can even cause the organization to shut down.
One of the major components of the cost of a data breach is the financial damage that organizations face. Firstly, data breaches cause customer attrition and loss of business. Secondly, revenue losses stemming from crashes, downtimes, and so on happen during and after data breaches.
Thirdly, the total time taken to identify and contain the breach, known as the data breach lifecycle, directly impacts the financial costs. Shorter data breach lifecycles result in lower costs and less financial damage. On average, organizations that identify and contain breaches within 200 days save USD 1.12 million.
The other major component of data breach costs is reputational damage and brand value erosion. When a data breach happens, customer trust is broken, leading to customer attrition. Organizations will have to spend on rebuilding their brand, rebuilding trust, winning back old customers (who may not come back), and acquiring new customers.
As per a study, the world’s top 100 most valued brands face a brand value risk of USD 223 billion in total from data breaches.
Banking and Finance: A Quick Overview of the Industry
Banks and financial institutions are prime targets for data breaches owing to the large volumes of financial data they have access to, such as credit card details, bank accounts, retirement funds, social security numbers, and other sensitive information. That is why the number and frequency of banking and finance data breaches are continuously increasing.
Here are a few of the reported data breaches in finance and banking from recent years.
Threat actors breached 3 million corporate customer accounts of Morgan Stanley in January 2021, accessing client PII, social security numbers, company names, etc. The company disclosed the breach only in July 2021 and said that it resulted from a vulnerability in a third-party vendor’s server. The company claimed that despite patching that vulnerability, attackers managed to obtain the decryption keys for the encrypted files.
The Texas Department of Insurance:
In a regularly scheduled data management audit, the Texas Department of Insurance found that a coding error in its web application was exposing the PII of nearly 2 million Texans. It was further discovered that the exposure had been occurring for over 3 years, since 2019.
The crypto exchange, Bitmart, faced a data breach that cost them nearly USD 200 million worth of cryptocurrency. This breach resulted from a threat actor stealing a single private key.
Cash App Investing LLC:
Nearly 8.2 million personal records, including PII, brokerage account numbers, trading activity, and so on, of Cash App customers were compromised in 2021. This data breach happened because a former employee downloaded the company’s internal reports without authorization or permission.
The online trading platform, Robinhood, faced a data breach in November 2021 that exposed the email addresses of 5 million people, the full names of another 2 million people, and the additional personal information of thousands of users. The attackers used social engineering to orchestrate this breach and allegedly demanded a ransom payment.
These data breaches in the banking and finance sectors illustrate that data breaches don’t always stem from external threat actors. They also result from malicious insiders, poorly secured third-party/partner apps and software, lack of authentication controls, lack of zero trust architecture, user/employee errors, etc.
What is the Average Cost of a Data Breach in Banking and Finance?
The average cost of a data breach in banking and finance was USD 5.97 million in 2022, increasing from USD 5.72 million in 2021. As mentioned in the introduction, data breaches in finance and banking are second only to healthcare breaches in costs. Finance and banking data breaches cost 37% more than the average cost of a data breach.
Why are Data Breaches So Costly in Banking and Finance?
- Banks and financial institutions have access to large volumes of data, including bank accounts, PII, credit cards, etc. By compromising financial data, attackers can directly engage in fraud such as illegal money transfers and identity theft, or sell stolen records to the highest bidder.
- The brand value erosion and reputational damage from financial and banking data breaches are high. Customers in this sector will take their business elsewhere if a bank/financial institution doesn’t take security seriously.
- Because banking and finance is a critical infrastructure industry, even a brief downtime multiplies the overall cost of a data breach. Further, banks and financial institutions are more willing to pay ransoms to keep operations running.
- Because the industry is highly regulated, non-compliance penalties and fines are high, which further increases the cost of data breaches.
Is it Possible to Lower the Cost of Data Breaches in Banking and Finance?
Yes. It is possible to lower the cost of data breaches in banking and finance through proactive security measures.
- Reduce the breach lifecycle through real-time threat hunting and detection. Leverage self-learning AI, intelligent automation, behavioral analysis, and global threat intelligence to accurately and proactively detect known and emerging threats and stop them before they can cause much damage.
- Take swift action and virtually patch vulnerabilities. Rather than waiting for vendor patches to be released, organizations should use virtual patching to address identified vulnerabilities immediately. By implementing virtual patches, organizations can close off avenues for attackers and prevent potential breaches, protecting their systems and data until the permanent fix is in place.
- Organizations with an adequately tested Incident Response (IR) plan and an IR team had significantly lower costs than those without. The cost savings stood at USD 2.66 million, a 58% saving.
- Adopt a risk-based approach to security. Continuously identify, quantify, prioritize, and manage risks to reduce the financial impact of data breaches on your organization. Risk quantification saves you USD 2.10 million on average.
- Implement zero trust architecture to reduce the number of records exposed by threat actors and save USD 1.51 million on average on the cost of data breaches.
The average cost of data breaches in banking and finance is high. But you can reduce these costs significantly with fully managed, intelligent, and comprehensive security solutions like AppTrana WAAP.