The Causes and Costs of Data Breaches in the Financial Industry


A data breach can be a costly affair. IBM and the Ponemon Institute’s 2016 Cost of Data Breach Study estimates that information breaches cost companies an average of $4 million each in the short-term, which is a 29% increase since 2013. The actual long-term cost of a breach can be much greater – over the course of 11 years, a breach is estimated to cost an average of $7.01 million. This number is even higher in the financial services industry, due to the impact from lost customers.

Loss or theft of essential financial information can damage a firm’s reputation, cost it the trust of clients and lead to a significant reduction in employee productivity. Let’s examine the sources of data breaches and dig into their short- and long-term expenses. From there, we can outline the steps you can take to ensure your firm’s data remains safe from digital threats.

Recent Trends In Financial Industry Data Security

Companies in the financial industry are hit hard by data breaches for a variety of reasons, and the risks are real. The 2016 Financial Cybersecurity Report issued by SecurityScorecard states that 75% of the top 20 U.S. banks (by revenue) are infected with malware, and that nearly 1 in 5 financial institutions use an email service provider with “severe security vulnerabilities.” Other notable findings include:

  • 95% of the top 20 U.S. commercial banks have a Network Security grade of ‘C’ or below
  • The financial industry ranked fourth in its overall security rating, behind construction, information services and technology
  • Despite this ranking, the industry’s IP Reputation score and Network Security score (among others) were below average, and “low IP Reputation scores are over three times more likely to experience a data breach compared to companies with a high IP reputation score”
  • Financial services ranked fifth in the percentage of major data breaches by industry

With the threat of data breaches looming large, financial institutions are responding by investing more in cybersecurity. According to PwC’s 2017 Global State of Information Security Survey, there has been a whopping 67% increase in cybersecurity spending since 2013.

The Root Causes Of Financial Data Breaches

IBM and the Ponemon Institute estimate that 50% of data breaches are caused by malicious or criminal attacks, 27% by system glitches and 23% by negligent employees. These statistics show that a data security strategy must protect against both internal and external threats: system malfunctions, employee error, and outside individuals or groups that intend to steal data in order to withdraw money, open lines of credit, commit identity theft, blackmail clients or engage in other types of criminal activity.

In addition, malicious attacks were more expensive: “Companies that had a data breach due to malicious or criminal attacks had a per capita data breach cost of $236, significantly above the mean of $221. In contrast, system glitches or human error as the root cause had per capita costs below the mean ($213 and $197, respectively).”

Inside The Costs

The cost of a data breach is influenced by a series of components, and one of the most prevalent for the financial industry is churn: the loss of customers after a theft of sensitive information. The financial industry experiences “a relatively high abnormal churn,” according to Ponemon/IBM, and industries above a 4% churn rate incur even greater expenses, boosting the cost of a single breach over 11 years to an average of $12.1 million. Other notable cost categories include:

  • Detection and escalation costs: $0.73 million
  • Notification costs: $0.59 million
  • Post data breach costs: $1.72 million
  • Lost business costs: $3.97 million

In addition, companies spent more on indirect costs, or “the time employees spend on data breach notification efforts or investigations of the incident,” than direct costs, or “what companies spend to minimize the consequences of a data breach and to assist victims.” The average indirect cost per breached record was $145, whereas direct costs were $76.

How To Prevent Data Breaches

To effectively prevent data breaches, companies in the financial industry need to invest in the infrastructure and expertise to protect themselves. And if financial executives truly want to safeguard their organizations, they’ll also need to educate themselves about the constantly evolving threats their company faces.

Once executives understand more about cybersecurity, they’ll want to work to identify potential gaps in their security strategies, and find workable solutions to fill them. These include educating employees about data breaches, instituting new employee policies for increased data safety and taking on the task of updating software and hardware systems, if necessary.

Mid-market firms can also consider hiring a qualified Chief Information Security Officer (CISO). This trained and certified employee is responsible for developing, executing and maintaining an effective information security strategy, as well as creating emergency incident response plans to ensure that your entire team is prepared if and when a breach takes place.

What To Do If Your Firm Has Been Breached

If your firm has recently been the victim of a serious data breach, you’ll need to take action quickly to remedy the situation, and your number one goal should be to win back the trust of your clients. Today’s customers are understandably careful with their financial information, and you’ll need to give them a reason not to take their business elsewhere.

The first order of business is to be as transparent as possible about the type and extent of the breach. If you think there’s even a tiny chance that a client’s account or information could be affected, it’s your responsibility (and often a legal requirement) to let them know immediately.

Next, tell the client exactly what you plan to do to investigate the situation, and any urgent steps they might need to take, such as switching usernames or passwords, closing accounts, or monitoring credit card statements or credit scores.

Finally, tell them what you’re doing to prevent this situation from occurring again. And consider offering them a token of good faith, such as a discount, gift card or check, to show that you seriously value the integrity of their financial information.

At Champion Solutions Group, we understand the multitude of threats to your financial firm’s data, and we have the experience and the expertise to create a custom solution for your business. That’s why we’ve partnered with Palo Alto Networks, which offers an industry-leading, next-generation firewall solution to safeguard data against all types of external threats. Our partner Varonis offers DatAdvantage, a tool that prevents and identifies internal breaches by effectively keeping track of your data.

Contact us today at 800-771-7000 or through our contact form to learn how we can help your company’s systems work more efficiently and securely.
