We recently shared some statistics that demonstrate the cost of cybercrime by industry. In particular, the annual combined loss from cybercrime in the US exceeded $525 million (USD) in 2015. While financial institutions face the highest risk and the highest average annual costs from cybercrime, virtually every industry is at risk.
With increasing frequency, hackers are finding ways to do significant financial damage even if they are not directly trying to steal financial data. The recent 2016 NFL Draft (April 28-30) is a prime example. About 10 minutes before the start of the draft, hackers used the verified Twitter account belonging to potential top-five draft pick Laremy Tunsil to post a controversial video. The post instantly dropped his selection standing from top-five to 13, costing him several million dollars.
To apply an example like this to the banking industry, suppose someone holds a grudge against a bank as a result of damage they suffered during the recession. This individual or group could go after a bank’s reputation and do irreparable financial damage. For example, say a hacker got into the bank’s system and posted customers’ financial information on the internet. Alternatively, say a hacker commenced a denial-of-service attack on a bank’s website to shut down its online banking service for several days. These kinds of public violations communicate to the world that the institution is not a safe or secure place for customers to put their hard-earned money.
Customer trust is key to a company’s reputation and their bottom line. If a bank loses customer trust—whether they have done that through their own action or inaction, or it has been done to them—the financial impact is much greater than the dollar amount.
Your Cyberattack Response Strategy
Banks must have a strategy in place not only to mitigate cyberattacks, but also to respond quickly in the event that a violation does occur. HORNE recommends that response strategy include four main actions:
- Focus on security. Make sure you have sufficient security systems and monitoring services to mitigate threats. Communicate those checks and balances to the world to give customers peace of mind and to dissuade potential hackers.
- Express confidence. If your bank is hacked, know how to respond directly and with confidence to minimize the negative impact of the cyberattack on the bank’s reputation.
- Help your customers. If your bank is hacked, don’t cause unnecessary panic, but encourage customers to do whatever is necessary to control the impact. Explain to customers why and how they can be extra cautious with personal data online to prevent further incidents.
- Be consistent. Respond to a cyberattack consistently across the organization. Hearing different stories from different departments will confuse customers and lead them to believe that the bank lacks control and a sufficient response strategy.
As the Tunsil story showed us all, threat actors see potential everywhere, and they don’t need to tap into financial records to do significant monetary damage.
Every team at HORNE works closely with our dedicated cybersecurity experts to help companies in banking and across virtually every other industry keep a finger on the risk environment. We’ve seen steps like these help to protect organizations from hackers who wish to cause harm any way they can. If we can help you to build a plan and put the measures in place to secure your environment, contact us.