The risk of cyberattacks has slowed down the progress of digital transformation for the majority of financial services companies in Asia Pacific, while an even greater number are turning to AI to bolster their cybersecurity posture.
That’s according to a Frost & Sullivan study commissioned by Microsoft, which reveals that despite financial services being a highly regulated industry, more than half (56%) of organizations surveyed have either experienced a security incident (26%) or are not sure if they have had a security incident as they have not checked (27%).
“Trust is foundational for all business decision-making. This is especially true when it comes to the financial services industry as they are protecting not only their own businesses, but also their customers’ data and financial assets,” explained Kenny Yeo, industry principal for Cyber Security, Frost & Sullivan. “For banks and other financial services organizations, the potential loss of trust and the consequent reputation damage is a far greater threat than the economic impact of a cybercrime.”
The study found that for financial services companies, remote code execution, online brand impersonation, ransomware and data exfiltration are the biggest concerns as they have the highest impact to the business and they often result in the slowest recovery time.
Online brand impersonation is a rather unique threat that financial services companies faced as they become increasingly digital. Cybercriminals are leveraging phishing techniques to create spoofed websites to steal customers’ identities and passwords to access financial accounts.
The study uncovered that data exfiltration has the most severe impact on financial services companies as cybercriminals infiltrate the organizations’ digital environment to steal proprietary intellectual property as well as customers’ personal information and financial data to sell in the underground economy.
While on one hand, financial services companies see great competitive advantage in offering advanced digital services to their customers, the study revealed that cybersecurity concerns and approaches are impeding their digital transformation journey.
More than three out of five (63%) of the business and IT leaders in the financial services sector have indicated that the fear of cyberattacks has derailed their organizations’ digital transformation plans, thus undermining the organizations’ ability to capture opportunities and diminishing their competitive advantage in the burgeoning digital economy.
It was rather revealing that despite the fact that cybersecurity will likely be enhanced through the digital transformation process, the majority of respondents (40%) from financial services industry saw their cybersecurity strategy as merely a means to safeguard their organizations against cyberattacks. Only one out of four (25%) sees cybersecurity as a business advantage and an enabler for digital transformation.
If financial services companies do not view cybersecurity as one of the cornerstones of digital transformation, it will hinder their ability to deliver a “secure-by-design” digital project, thereby leading to products and services with security vulnerabilities.
The study reveals that only 28% of financial services companies that had fallen victim to a cyberattack considered building a cybersecurity strategy before the start of a digital transformation project, as compared to more than one out of three (35%) organizations that have not encountered any cyberattack.
The remaining respondents stated that they either considered cybersecurity after their projects have started, or they did not take cybersecurity into consideration when designing their digital transformation projects.
Another interesting finding is that having too many security solutions may lead to longer recovery time. The survey uncovered that financial services companies with fewer than 10 cybersecurity solutions were quicker to recover from cyber incidents than those having 26 to 50 cybersecurity solutions.
This debunks a popular misconception that deploying a large portfolio of cybersecurity solutions will render stronger protection, the report says. The reality is that the complexity of managing a large portfolio of cybersecurity solutions may lead to a longer recovery time for cyberattacks.
The study further reveals that over the last year, each cyberattack has cost large financial services companies in Asia Pacific an average of $7.9 million in direct and indirect economic loss, and three out of five organizations have also experienced job losses resulting from cybersecurity incidents. For mid-sized financial services companies, the average economic loss due to a cybersecurity incident was $32,000 per organization.
To calculate the cost of cyberattacks, Frost & Sullivan created an economic loss model based on insights shared by the survey respondents. This model factors in two kinds of losses which could result from a cybersecurity breach:
- Direct: Financial losses associated with a cybersecurity incident – this includes loss of productivity, fines, remediation cost, etc; and
- Indirect:The opportunity cost to the organization such as customer churn due to reputational damage.
AI has been on the frontlines of the fight against fraud for a while now, but these days, it’s more powerful than ever, thanks to machine learning and stronger computing power. Today, it is a weapon of choice for financial services companies to reduce cybersecurity risks. The study reveals that four in five (81%) financial services companies in the region have either adopted or are considering an AI-based approach to complement their cybersecurity strategy.
By rapidly analyzing vast quantities of data and providing actionable insights for cybersecurity professionals, AI-driven cybersecurity architecture enables organizations to accomplish tasks, such as identifying cyberattacks and removing persistent threats like data exfiltration malware, faster than any humans, thus making it an increasingly vital element of any organization’s cybersecurity strategy.