Eighty-six percent of financial services firms plan to spend more time and resources on cyber security in the coming year, a recent Duff & Phelps survey of 183 senior financial service professionals found.
That’s a significant increase from 2016, when less than 60 percent of firms said they planned to do so.
Similarly, 31 percent of respondents said they expect cyber security to be the top priority for regulators this year — a 63 percent over 2016, when just 19 percent expected it to be the focus.
Twenty-one percent of respondents said anti-money laundering and “know your customer” considerations will be a top regulatory focus.
“Cyber security is at the top of the agenda for financial services firms today,” Jason Elmer, managing director for compliance and regulatory consulting at Duff & Phelps, said in a statement. “In the wake of high profile cyber attacks, many are anticipating clearer and more punitive cyber security regulation to be implemented.”
“Firms are proactively looking to strengthen cyber defenses as a result, and this is an opportunity for regulators to collaborate with financial institutions to form new rules,” Elmer added. “What’s also clear is that commercial pressures from investors concerned about the security of their sensitive data will accelerate any attempt to improve cyber security measures.”
The Cost of a Breach
A separate Kaspersky Lab survey of more than 800 representatives of financial institutions worldwide found that the cost of a single cyber security incident to a financial institution in the U.S. can be as much as $1,165,000.
In the U.S., financial institutions’ top concerns are phishing/social engineering attacks on customers (53 percent), attacks on local/branch offices (33 percent), on digital/online banking services (31 percent), on core transactional/back-office systems (23 percent), and on point-of-sale systems (20 percent).
Two thirds of the banks surveyed by Kaspersky said they had fallen victim to some type of financial fraud.
“Given the substantial monetary losses from cyber attacks, it is not surprising that financial organizations are looking to increase spending on security,” Kaspersky Lab vice president for enterprise business Veniamin Levtsov said in a a statement.
“We believe successful security strategies for financial organizations lie in a more balanced approach to allocating resources — not just spending on compliance, but also investing more in protection from advanced targeted attacks, paying more attention to personal security awareness and getting better insights on the industry-specific threats,” Levtsov added.
Concerns About Hacking
Separately, the 2016 Travelers Risk Index, based on a survey of 1,202 business owners and decision makers, found that 72 percent of respondents in the banking and financial services industry cited cyber threats as a top risk, far ahead of other industry averages at 54 percent.
Fifty-nine percent of respondents in the banking and financial services industry expressed concern about a security breach via hacking, and 50 percent expressed concern about the potential for theft or loss of control of the company’s customer or client records.
Forty-eight percent expressed concern about understanding and complying with U.S. laws and regulations that have an impact on their business, and 42 percent expressed concern about someone using email or other social engineering to trick employees into transferring company funds erroneously.