The risk of cyberattack on financial services firms cannot be overstated. Cyberattacks cost financial services firms more to address than firms in any other industry at $18 million per firm (vs. $12 million for firms across industries). Financial services firms also fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries. In other words, while the typical American business is attacked 4 million times per year, the typical American financial services firm is attacked a staggering 1 billion times per year.
Although 1 billion times per year is significantly less frequent than the 4 billion times that the U.S. Postal Service was attacked in 2016 (primarily as a backdoor for cybercriminals into the rest of government), 1 billion times per year is still nearly 2,000 attacks per minute or over 30 attacks per second. The rate of breaches, or theft of sensitive data, in the financial services industry has tripled over the past five years.
Among financial services firms, banks lost $16.8 billion to cybercriminals in 2017. Attacks on SWIFT—the leading global network for money and security transfers—alone cost $1.8 billion year-to-date. Costs of cybercrime also include regulatory fines, litigation, additional cybersecurity following the breach, the need to respond to negative media coverage, identity theft protection and credit monitoring services to customers affected by breach and lost business due to reputational damage. According to Ponemon Institute’s consumer sentiment study, data breaches are in the top three of incidents that affect reputation, along with poor customer service and environmental incidents.
It should come as no surprise that the U.S. Treasury views cyberattacks as one of the key threats to U.S. financial stability and that cybersecurity (including data security and consumer protection) is one of the most important sustainability issues for the financial services sector according to multiple environmental, social and governance (ESG) standards-setting, research and ratings organizations. These organizations range from the Sustainability Accounting Standards Board (SASB) to Sustainalytics, and their work affects the allocation of the $23 trillion in AUM being professionally managed under sustainable strategies.
Safeguarding data requires strong cybersecurity. As Sun Tzu explains in Art of War, security implies defensive tactics.