- The risk of cyberattacks has slowed down the progress of digital transformation for more than three out of five organisations.
- Four out of five financial services companies are turning to artificial intelligence (AI) to bolster their cybersecurity posture.
 |
| Source: Microsoft. The average economic cost of cyberattacks on financial services companies. |
A Frost & Sullivan study commissioned by Microsoft reveals that despite financial services being a highly regulated industry, more than half (56%) of the organisations surveyed have either experienced a security incident (27%) or are not sure if they have had a security incident as they have not checked (29%).
The study further reveals that over the last year, each cyberattack has cost large financial services companies in Asia Pacific an average of US$7.9 million in direct and indirect economic loss, and three out of five organisations have also experienced job losses resulting from cybersecurity incidents. For mid-sized financial services companies, the average economic loss due to a cybersecurity incident was US$32,000 per organisation.
These findings are part of the Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World study* which was launched in May 2018, and aims to provide business and IT decision makers in the financial services sector with insights on the economic cost of cybersecurity breaches and to help to identify any gaps in their cybersecurity strategies.
These findings are part of the Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World study* which was launched in May 2018, and aims to provide business and IT decision makers in the financial services sector with insights on the economic cost of cybersecurity breaches and to help to identify any gaps in their cybersecurity strategies.
To calculate the cost of cyberattacks, Frost & Sullivan created an economic loss model based on insights shared by the survey respondents. This model factors in two kinds of losses which could result from a cybersecurity breach:
Direct: financial losses associated with a cybersecurity incident – this includes loss of productivity, fines, remediation cost, etc; and
Indirect: the opportunity cost to the organisation such as customer churn due to reputational damage.
“Trust is foundational for all business decision-making. This is especially true when it comes to the financial services industry as they are protecting not only their own businesses, but also their customers’ data and financial assets,” explained Kenny Yeo, Industry Principal, Cyber Security, Frost & Sullivan.
“Trust is foundational for all business decision-making. This is especially true when it comes to the financial services industry as they are protecting not only their own businesses, but also their customers’ data and financial assets,” explained Kenny Yeo, Industry Principal, Cyber Security, Frost & Sullivan.
“For banks and other financial services organisations, the potential loss of trust and the consequent reputation damage is a far greater threat than the economic impact of a cybercrime.”
The study found that for financial services companies, remote code execution, online brand impersonation, ransomware and data exfiltration are the biggest concerns as they have the highest impact to the business and they often result in the slowest recovery time.
The study found that for financial services companies, remote code execution, online brand impersonation, ransomware and data exfiltration are the biggest concerns as they have the highest impact to the business and they often result in the slowest recovery time.
Online brand impersonation has become a threat that financial services companies face as they become increasingly digital. Cybercriminals are leveraging phishing techniques to create spoofed websites to steal customers’ identities and passwords to access financial accounts.
The study uncovered that data exfiltration has the most severe impact on financial services companies as cybercriminals infiltrate the organisations’ digital environment to steal proprietary intellectual property as well as customers’ personal information and financial data to sell in the underground economy.
While on one hand, financial services companies see great competitive advantage in offering advanced digital services to their customers, the study revealed that cybersecurity concerns and approaches are impeding their digital transformation journey:
· Cybersecurity concerns thwart digital transformation plans
While on one hand, financial services companies see great competitive advantage in offering advanced digital services to their customers, the study revealed that cybersecurity concerns and approaches are impeding their digital transformation journey:
· Cybersecurity concerns thwart digital transformation plans
More than three out of five (63%) of the business and IT leaders in the financial services sector have indicated that the fear of cyberattacks has derailed their organisations’ digital transformation plans, thus undermining the organisations’ ability to capture opportunities and diminishing their competitive advantage in the burgeoning digital economy.
Despite the fact that cybersecurity will likely be enhanced through the digital transformation process, the majority of respondents (40%) from financial services industry saw their cybersecurity strategy as merely a means to safeguard their organisations against cyberattacks. Only one out of four (25%) sees cybersecurity as a business advantage and an enabler for digital transformation.
· Security as an afterthought
Despite the fact that cybersecurity will likely be enhanced through the digital transformation process, the majority of respondents (40%) from financial services industry saw their cybersecurity strategy as merely a means to safeguard their organisations against cyberattacks. Only one out of four (25%) sees cybersecurity as a business advantage and an enabler for digital transformation.
· Security as an afterthought
If financial services companies do not view cybersecurity as one of the cornerstones of digital transformation, it will hinder their ability to deliver a “secure-by-design” digital project, thereby leading to products and services with security vulnerabilities.
The study reveals that only 28% of financial services companies that had fallen victim to a cyberattack considered building a cybersecurity strategy before the start of a digital transformation project, as compared to more than one out of three (35%) organisations that have not encountered any cyberattack.
The remaining respondents stated that they either considered cybersecurity after their projects have started, or they did not take cybersecurity into consideration when designing their digital transformation projects.
· Having too many security solutions may lead to longer recovery time
The study reveals that only 28% of financial services companies that had fallen victim to a cyberattack considered building a cybersecurity strategy before the start of a digital transformation project, as compared to more than one out of three (35%) organisations that have not encountered any cyberattack.
The remaining respondents stated that they either considered cybersecurity after their projects have started, or they did not take cybersecurity into consideration when designing their digital transformation projects.
· Having too many security solutions may lead to longer recovery time
The survey uncovered that financial services companies with fewer than 10 cybersecurity solutions were quicker to recover from cyber incidents than those with 26 to 50 cybersecurity solutions.
This debunks a popular misconception that deploying a large portfolio of cybersecurity solutions will render stronger protection. The reality is that the complexity of managing a large portfolio of cybersecurity solutions may lead to a longer recovery time for cyberattacks.
“Cybersecurity is one of the most pressing issues of our time and there are no silver bullets,” said Connie Leung, Senior Director, Financial Services Business Lead – Asia, Microsoft.
This debunks a popular misconception that deploying a large portfolio of cybersecurity solutions will render stronger protection. The reality is that the complexity of managing a large portfolio of cybersecurity solutions may lead to a longer recovery time for cyberattacks.
“Cybersecurity is one of the most pressing issues of our time and there are no silver bullets,” said Connie Leung, Senior Director, Financial Services Business Lead – Asia, Microsoft.
“The financial services sector is subjected to many laws and regulations relating to cybersecurity. These can be far-ranging and complex. In addition, financial services companies are working to enhance customer experience while applying the required controls. Global digitisation combined with unprecedented changes to the financial services business model is mandating transformation. To get there, financial services companies must embrace new digital business models that combine agility and security, with trust at the centre.”
Artificial intelligence (AI) has been on the frontlines of the fight against fraud for a while now, but has become more powerful thanks to machine learning and stronger computing power. Today, it is a weapon of choice for financial services companies to reduce cybersecurity risks. The study reveals that four in five (81%) financial services companies in the region have either adopted or are considering an AI-based approach to complement their cybersecurity strategy.
By rapidly analysing vast quantities of data and providing actionable insights for cybersecurity professionals, AI-driven cybersecurity architecture enables organisations to accomplish tasks, such as identifying cyberattacks and removing persistent threats like data exfiltration malware, faster than humans. This gives AI users an advantage and makes AI an increasingly vital element of any organisation’s cybersecurity strategy.
Details:
Read more about the study
*This study involved a survey conducted with 1,300 respondents from 13 markets - Australia, mainland China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand. Out of these 1,300 respondents, 12% of them are from the financial services industry.
All respondents are business and IT decision-makers involved in shaping their organisations’ cybersecurity strategies. About four in 10 (44%) of them are business decision-makers, including CEOs, COOs and directors, while 56% are IT decision-makers, including CIOs, CISOs and IT Directors. One third (29%) of participants are from mid-sized organisations (250 to 499 staff); and 71% are from large-sized organisations (more than 500 staff).
Artificial intelligence (AI) has been on the frontlines of the fight against fraud for a while now, but has become more powerful thanks to machine learning and stronger computing power. Today, it is a weapon of choice for financial services companies to reduce cybersecurity risks. The study reveals that four in five (81%) financial services companies in the region have either adopted or are considering an AI-based approach to complement their cybersecurity strategy.
By rapidly analysing vast quantities of data and providing actionable insights for cybersecurity professionals, AI-driven cybersecurity architecture enables organisations to accomplish tasks, such as identifying cyberattacks and removing persistent threats like data exfiltration malware, faster than humans. This gives AI users an advantage and makes AI an increasingly vital element of any organisation’s cybersecurity strategy.
Details:
Read more about the study
*This study involved a survey conducted with 1,300 respondents from 13 markets - Australia, mainland China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand. Out of these 1,300 respondents, 12% of them are from the financial services industry.
All respondents are business and IT decision-makers involved in shaping their organisations’ cybersecurity strategies. About four in 10 (44%) of them are business decision-makers, including CEOs, COOs and directors, while 56% are IT decision-makers, including CIOs, CISOs and IT Directors. One third (29%) of participants are from mid-sized organisations (250 to 499 staff); and 71% are from large-sized organisations (more than 500 staff).
No comments:
Post a Comment