Background
2nd September 2024

The Average Cost of a Data Breach in the Finance Sector is $6.08 Million, a Staggering 22 Percent Higher Than the Global Average of $4.88 Million

IBM’s 2024 Cost of a Data Breach report has highlighted the increasing cost for organisations that suffer a data breach in the finance sector.

Scroll
Article Image Circle Circle

Home  »  Articles  »  The Average Cost of a Data Breach in the Finance Sector is $6.08 Million, a Staggering 22 Percent Higher Than the Global Average of $4.88 Million

The Average Cost of a Data Breach in the Finance Sector is $6.08 Million, a Staggering 22 Percent Higher Than the Global Average of $4.88 Million
A digital alert icon over glowing binary code represents a cybersecurity threat or data breach.

According to IBM’s 2024 Cost of a Data Breach report, finance has the second highest breach costs of the 17 industries studied 

By AJ Thompson, CCO, Northdoor plc   

 IBM’s 2024 Cost of a Data Breach report has highlighted the increasing cost for organisations that suffer a data breach in the finance sector. The report found that the average cost of a data breach is now at $6.08 million, which is a staggering 22 percent higher than the global average of $4.88 million and the second highest cost of the 17 industries studied. It is also a three percent increase compared to 2023. 

 The report found that there were three initial attack vectors, phishing (16 percent of all breaches), compromised credentials (15 percent of all breaches) and cloud misconfiguration (12 percent of all breaches). The average total cost of a breach of 50 million records is $375 million, with the average cost of a ransomware related breach coming in at $4.91 million. 

Why do cybercriminals target the finance sector?  

Financial services handle highly sensitive data like financial credentials and personally identifiable information (PII) daily. This data is incredibly valuable to threat actors, who can use it to redirect payments, sell PII on the dark web, or hold critical files for ransom to extort huge amounts of money. 

Although large financial institutions are inevitable targets, smaller firms with fewer dedicated cyber security teams and resources to deal with cyber threats have just as much to lose from an attack.  

Malicious threat actors are taking advantage of digital transformation and pose a growing threat to the global financial system, financial stability, and confidence in the integrity of the system.  

The use of legacy systems 

It is also still very common for financial services to use legacy systems for core business functions. The sector has a heavy and complex regulatory environment in which they operate. Working to tried and tested methods that adhere to the current regulations is the safest and to many, the best option. 

However, many systems are also outside of Microsoft support leaving the organisations open to massive vulnerabilities like data loss, system breaches, and potential regulatory headaches.  

Another one of the major pitfalls of legacy systems is that they are often left to their own devices going largely unnoticed until there is a problem. The lack of regular use and updates can lead to security vulnerabilities, making them easy targets for cyber criminals.  

The financial sector is only second to healthcare on the data breach list, with an average cost of a breach coming in at $.6.08 million. The time it takes to identify and contain a cyberattack within the financial sector is also worryingly high. IBM’s report found that it takes 168 days to identify an attack and an additional 51 days to contain it.  

Digital disruption 

The financial sector has experienced unprecedented digital disruption in recent years. Financial institutions face stiff competition from FinTech companies and BigTech players like Apple, Google, and Amazon, which leverage technology to offer innovative financial services to their customers. While these technological advancements provide opportunities to streamline operations and enhance customer experiences, they also introduce new cybersecurity risks. 

Financial institutions are struggling to balance the need for robust cybersecurity measures with the demand for seamless user experiences. As we have seen, legacy systems are still in use in many organisations making it easier for cybercriminals to exploit vulnerabilities. Also, ensuring that third-party vendors adhere to stringent cybersecurity standards adds another layer of complexity. 

The impact of the cyber skills shortage 

There is an acute shortage of cybersecurity expertise in the finance sector, leaving many financial institutions vulnerable to cyber threats. Ignoring the cybersecurity skills gap can have dire consequences for financial institutions. Cybersecurity breaches can lead to significant financial losses, reputational damage, and legal repercussions. 

IBM’s report found that more than half of breached organisations are facing high levels of security staffing shortages. This issue represents a 26.2 percent increase from 2023, a situation that corresponded to an average $1.76 million more in breach costs. Even though one in five organisations say they used some form of Generative AI (GenAI) security tools, which is expected to help close the gap by boosting productivity and efficiency, the skills gap remains an issue. 

Maintaining Consumer Trust 

Trust is the cornerstone of the financial services industry. Customers entrust their money and personal data to financial institutions, expecting them to keep it safe. Any breach of this trust, such as a data breach or a successful cyberattack, can severely damage a financial institution’s reputation and customer relationships. By protecting financial transactions and customer data, cybersecurity in financial services helps maintain consumer trust. It reassures customers that their data and money are safe, fostering confidence in the financial institution’s services. 

AI and Automation 

This year’s report found that organisations that applied AI and automation to security prevention saw the biggest impact from their AI investments compared to three other security areas: detection, investigation and response. In total an average cost saving of $2.22 million over those organisations that didn’t deploy AI security technology. 

Those who used incident response (IR) teams and testing made cost savings of $248K compared to those who didn’t use IR. Those who used an identity and access management (IAM) strategy that supports hybrid environments and user experience, also made cost savings of $223K, as opposed to those who did not. The 28 percent of financial institutions that extensively used AI and automation security tools made cost savings of $1.9 million versus those who didn’t use any AI and automation security tools. 

As we have seen, one of the main routes in for cyber criminals is through employees, third-parties and other suppliers. Supply chains in the finance sector tend to be incredibly large and complex and so many organisations find it almost impossible to have any insight into where vulnerabilities might lie in the network.  

Going beyond threat detection 

AI and automation’s contribution to finance cybersecurity goes beyond threat detection- it is incredibly proactive in prevention as well. Traditionally, security measures often rely on known patterns of attack, leaving organisations vulnerable to new and evolving threats. Using AI allows organisations to adapt to threats by detecting anomalies that may not conform to established attack patterns. 

AI can help identify suspicious behaviour within a finance sector, such as employee access patterns suddenly changing, or if there is an unusual volume of data accessed after hours. AI systems can flag these activities for investigation and this rapid detection allows security teams to respond swiftly, minimising potential damage. 

Correlating data manually can also be a time consuming if not impossible task. However, AI can collect data from multiple sources, providing a comprehensive view of potential threats. This allows for early detection of advanced, multi-stage attacks that might otherwise go unnoticed. 

Turning to third-party IT consultants 

Financial institutions play a critical role in the global economy, facilitating transactions, offering credit, and enabling individuals and entities to invest and grow. Financial institutions handle a huge amount of money and sensitive data, making them a very attractive target for cybercriminals. 

The only way to effectively protect financial institutions is to have a 360-degree, 24/7 overview of the whole supply chain. With internal teams struggling with workload already, many are turning to qualified third-party Security Operations Centres provided by IT service consultancies. They have teams of experts who can supplement internal teams allowing for a comprehensive view of where vulnerabilities lie. This then allows financial organisations to have urgent conversations with supply chain partners to shut the vulnerabilities before they are exploited by cybercriminals.  

Financial institutions can protect their operations, comply with regulatory requirements, and maintain customer trust in an ever-evolving cyber threat landscape by engaging third-party IT consultants. These consultants who ensure that vulnerabilities are found, shut and critically, remain shut. By deploying AI and automation security solutions, the financial sector can navigate the complexities of cyber threats and emerge stronger and more secure. 

AJ Thompson

Categories: Articles, Cyber Security, Digital Finance

Plane
Quarterly Newsletter

Sign up to our quarterly newsletter to receive the latest and most relevant updates, interviews and opinions from finance’s leading lights.

Subscribe
Covers
Explore Previous Issues

View the latest issue of the Wealth & Finance digital magazine which features business profiles of leading industry insiders who are thriving in the finance and investment sector.

See Latest Issues
Trophy
Explore Previous Awards

Click here to view our current and archived Award programmes.

See Our Awards
Other Articles You Might Like
See All Articles
Low Interest Rates and Inflation Are Wiping Out The Nation’s SavingsREAD MORE
Articles19th February 2020Low Interest Rates and Inflation Are Wiping Out The Nation’s Savings

Inflation effectively shrinks the value of your money over time and according to the Consumer Price Index, which tracks the cost of household items, the value of £1,000 on the high street at the start of 2012, would now have climbed to £1,153 today.

Why Cryptocurrency Will Define How We Do BusinessREAD MORE
Articles20th August 2018Why Cryptocurrency Will Define How We Do Business

3 reasons cryptocurrency is likely to be ‘the future of commerce’

KKR Invests in Avendus CapitalREAD MORE
Articles17th November 2015KKR Invests in Avendus Capital

Move designed to help build a next generation multi-asset financial services platform.

Bitcoin to Hit Fresh Highs – But Standby for Regulator-Triggered Price SwingsREAD MORE
Articles19th February 2021Bitcoin to Hit Fresh Highs – But Standby for Regulator-Triggered Price Swings

The Bitcoin price nears $50,000 and will continue to reach new highs in this first quarter of 2021 – but investors should also expect volatility due to increasing regulatory scrutiny. This is the warning from Nigel Green, CEO and founder of deVere Group, one of the world’s largest independent financial advisory and fintech organisations. It comes after the cryptocurrency hit more than $49,700 for the first time in history on Sunday.

Marketing Expense Management for Start-ups: a How to GuideREAD MORE
Articles28th September 2022Marketing Expense Management for Start-ups: a How to Guide

One of the most essential aspects of any company start-up, is your business marketing. How you manage your marketing can be pivotal to the overall success of your company, and how well it develops and grows.

Business Elite CEO of the Year 2016READ MORE
Articles29th June 2016Business Elite CEO of the Year 2016

Founded in 2001 and headquartered in London, Asite helps people share information and build knowledge in a secure cloud environment. Asite’s cloud technology gives everyone involved in projects access to key information online in a secure environment. It allows for increased collaboration, fewer mistakes and reduced rework, giving huge time and cost savings. In an interview with the firm’s CEO - Tony Ryan, he reveals that he was honoured to be awarded the Business Elite CEO of the Year 2016, and sheds light on Asite’s cloud technology.

Risk and Opportunity in Today’s Crypto MarketREAD MORE
Articles12th October 2021Risk and Opportunity in Today’s Crypto Market

For millions of new and experienced traders and investors all over the world, cryptocurrency represents one of the best ever opportunities for making a profit.

Grow Africa Partners Double Investment Plans for Agriculture to $7.2 BillionREAD MORE
Articles2nd May 2014Grow Africa Partners Double Investment Plans for Agriculture to $7.2 Billion

Investment commitments by partner companies of Grow Africa – a programme established by the World Economic Forum, NEPAD and the African Union to accelerate the transformation of African agriculture – doubled to $7.2 billion in 2013.

An Alpine Luxury Resort of the Highest CalibreREAD MORE
Articles5th May 2017An Alpine Luxury Resort of the Highest Calibre

The high Alpine luxury resort St. Moritz is 1,800 metres (5,910 ft) above sea level, a place I recently visited to enjoy luxury hotel facilities, as well as winter sports including skiing not to mention the gastronomic wonders of the region.

Strong Growth Expected in European ETF MarketREAD MORE
Articles22nd September 2015Strong Growth Expected in European ETF Market

Source is already capitalising on this market growth as it reveals today that it has attracted US$3.4 billion of assets so far this year, equivalent to 20% of the firm’s assets under management at the beginning of the year. Just over half of this (US$1.8bn) has been into fixed income ETFs, with US$1.3 billion into equity ETFs and US$0.3 billion into commodity products.

Arrow

Wealth & Finance International is part of AI Global Media

Discover our 10+ brands covering different sectors
APAC InsiderBUILD MagazineCorporate VisionEU Business NewsGHP NewsAcquisition InternationalNew World ReportMEA MarketsCEO MonthlySME NewsLUXlife MagazineInnovation in BusinessThe Business Concept