Top 30 Cybersecurity Stats in Financial Services in 2023
Cybersecurity is a critical issue for financial services organizations that handle huge volumes of sensitive customer information such as personally identifiable information (PII), protected health information (PHI), and financial records. The volume of private data that is exchanged inside and outside of organizations today is driven by digital transformation. This exchange of sensitive content makes financial firms a prime target for cybercriminals and rogue nation-states. To protect against these threats, financial institutions must invest in robust governance, compliance, and protection measures and ensure they have a comprehensive cybersecurity risk management strategy in place.
Prevalent Cyberattacks on Financial Services
When it comes to cyberattacks on financial institutions, the following are some of the most prevalent:
● Ransomware attacks occur when cybercriminals or nation-states encrypt an organization’s data or hijack applications and demand payment to unlock them.
● Phishing attacks occur when cybercriminals or rogue nation-states send fake emails or messages that appear to come from legitimate sources to trick victims into divulging sensitive information and/or login credentials.
● Malware attacks occur when malicious software is installed on a device or network to gain access to sensitive data or disrupt operations.
● Denial-of-service (DoS) attacks are the result of cyberattackers overloading a system or network with traffic to make it unavailable to legitimate users.
● Insider threats result when an employee or contractor with access to sensitive data intentionally or unintentionally exposes that data to unauthorized individuals.
30 Cybersecurity and Compliance Stats in Financial Services
Recognizing how important security and compliance risk management is for financial services organizations, we compiled a list of cybersecurity and compliance statistics in financial services for 2023. This list highlights the prevalence of and need for regulatory compliance and the importance of robust governance tracking and controls. The stats encompass data breaches, vulnerabilities, threat types, technology trends, and compliance.
Cyber Threats in Financial Services
1. Financial services organizations have 449,855 exposed sensitive files and 36,004 open to everyone in the organization. This is the highest when comparing industries. (Varonis)
2. A financial services employee, on average, has access to nearly 11 million files the day they start work. (Varonis)
3. Financial firms report 703 cyberattack attempts per week. (Check Point)
4. On average, financial services businesses take 233 days to detect and contain a data breach. (Varonis)
5. 63% of financial institutions experienced an increase in destructive attacks, a 17% increase from the previous year. (VMware)
6. 71% of financial institutions noted an increase in wire transfer fraud. (VMware)
7. 66% of financial institutions experienced attacks that targeted market strategies. (VMware)
8. 5% of financial services leaders believe that market data is the primary target for cybercriminal attacks. (VMware)
9. 63% of financial services businesses experienced an increase in brokerage account takeover, up from 41% the previous year. (VMware)
10. 74% of financial sector security leaders experienced one or more ransomware attacks. 63% of those victims paid the ransom. (VMware)
11. 87% of financial institutions are concerned with the security posture of their shared service providers. (VMware)
12. 43% of cyberattacks are aimed at small businesses, of which only 14% are prepared to defend themselves. (Accenture)
13. On average, 270 attacks (entailing unauthorized access of data, applications, networks, or devices) occurred in financial services, an increase of 31% compared with the prior year. (Accenture)
14. 43% of senior bank executives don’t believe their bank is adequately equipped to protect customer data, privacy, and assets in the event of a cyberattack. (KPMG)
15. 57% of banking executives indicated their primary cybersecurity concern is employee-targeted phishing attacks. (CSI)
Cost of Cyberattacks in Financial Services
16. The average data breach cost in financial services is $5.72 million per incident. (IBM)
17. Financial services spends more than any other industry fighting cyberattacks. (Accenture)
18. Financial services has one of the lowest ransom payout rates by insurers, at 32% compared to 40% across all sectors. (Sophos)
19. 83% of financial services organizations reported having insured themselves against ransomware, which aligns with the global average. (Sophos)
20. $5.2 billion worth of bitcoin transactions are estimated to be tied to ransomware payouts. (Financial Crimes Enforcement Network)
Cybersecurity in Financial Services
21. The financial services industry reported the second-lowest rate of data encryption at 54%. The global average was 65%. (Sophos)
22. 52% of financial services organizations paid ransom to restore data after ransomware attacks, which is higher than the global average of 46%. (Sophos)
23. The rate of ransom payments by the financial services sector more than doubled, from 25% in 2020 to 52% in 2021. (Sophos)
24. The average remediation cost in financial services was $1.59 million. (Sophos)
25. 34% of organizations cited file sharing as posing the greatest sensitive content communications channel risk. (Kiteworks)
Compliance in Financial Services
26. 7 out of 10 financial institutions aren’t spending more than 12% of their overall IT budget on security. Most financial institutions, however, planned to increase their budget by 20% to 30% last year. (VMware)
27. On average, 70% of sensitive files in the financial services industry are stale. (Varonis)
28. 63% of financial institutions recorded a 17% spike in destructive cyberattacks. (Financial Expert)
29. 22.5% of financial firms listed unifying management, tracking policies, and reporting as their top priority around third-party sensitive content communications. (Kiteworks)
30. 7 out of 10 financial firms use four or more systems for tracking, controlling, and securing sensitive content communications with third parties. (Kiteworks)
Data Privacy and Compliance in Financial Services
Data privacy compliance in the financial services industry refers to the process of adhering to laws, regulations, and policies related to the collection, use, and protection of personal data in the financial sector. This includes measures such as properly informing customers about how their personal data will be used, obtaining consent for the collection and use of data, protecting data from unauthorized access or misuse, and ensuring that data is accurately and securely stored.
Financial institutions handle a large amount of personal data, such as customer names, addresses, Social Security numbers, financial account information, and other sensitive information. As such, it is important for these institutions to have strong data privacy practices in place to protect the privacy and security of their customers’ data.
There are numerous laws and regulations that apply to data privacy in the financial services industry, including the Gramm-Leach-Bliley Act (GLBA) in the United States, the General Data Protection Regulation (GDPR) in the European Union, and the Personal Data Protection Act (PDPA) in Singapore, among others. These laws set out requirements for financial institutions to follow to ensure that they are compliant with data privacy regulations.
Failure to track, control, and secure sensitive data communications can result in harmful impacts, including financial penalties, brand damage, and IP loss. And in the case of ransomware attacks, one can add the cost of ransom.
Kiteworks-enabled Private Content Network for Financial Services
Kiteworks ensures security and compliance in the financial services industry through a Private Content Network that delivers content-defined zero trust, enabling financial firms to conveniently collaborate and share sensitive content within and outside of their organizations while maintaining the highest levels of security and compliance. The Kiteworks platform is designed with a range of features that ensure data security, privacy, and compliance with industry regulations. These capabilities include:
• Encryption: Kiteworks utilizes encryption to ensure that all data is securely encrypted both in transit and at rest, preventing unauthorized access to sensitive data.
• Access control: Kiteworks enables users to control who can access shared content, allowing for granular access rights and permissions to ensure only authorized users can view, edit, send, and share sensitive data.
• Audit trails: Kiteworks provides detailed audit trails of user activity to help organizations track access and detect any unauthorized access or misuse of data. This also plays a critical role in demonstrating compliance with government and industry regulations.
• Compliance: Kiteworks is compliant with industry regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), Financial Industry Regulatory Authority (FINRA), and GDPR, ensuring that financial services organizations remain compliant with data privacy laws and regulations.
By leveraging these security and compliance features, Kiteworks helps financial services organizations protect sensitive data and ensure compliance with industry regulations. Kiteworks employs a content-defined zero-trust approach that assumes no user and no content is to be trusted by default and that enforces least privilege. Doing so enables financial firms to ensure private PII and PHI, IP, client financial records, insurance claims, and more remain private and in compliance with global regulations.