The costs incurred by data breaches reached an all-time high during 2022 and banking is the second industry facing the highest losses. This position shows that financial institutions are not investing enough in data prevention and security, which then has a knock-on effect their customers.
This is one of the main conclusions reached by the report published by IBM Security, “Cost of a Data Breach Report 2022” that has studied 550 organizations impacted by data breaches that occurred between March 2021 and March 2022 across 17 countries and regions and in 17 different industries.
The financial industry is highly vulnerable according to IBM Security
As reported by the article from The Banker Data security underinvestment leaves financial institutions in peril “fines for data breaches imposed on financial institutions (FIs) had fallen from $10.6bn in 2020 to $5.37bn in 2021”. But the fact that the banking sector has come second place for data breach losses cannot be ignored, with an increase from $4.72 million USD in 2021 to $5.97 million USD in 2022, behind only the healthcare industry.
Among the 550 organizations surveyed by IBM Security, only 17% stated they had experienced their first data breach in the past year, compared to 83% of organizations that have already experienced more than one breach, highlighting the vulnerability of financial services firms. The cost of a data breach has increased by 2.6% during 2022. “Organizations with fully deployed security AI and automation took an average of 181 days to identify and 68 days to contain the data breach, for a total lifecycle of 249 days. Those organizations with no security AI and automation deployed took an average 235 days to identify and 88 days to contain a breach, for a total lifecycle of 323 days, which was 74 days longer than organizations with fully deployed security AI and automation” explica el informe. The average time to identify and contain a breach was a total of 299 days with partially deployed security AI and automation.
“The financial sector is one of the main targets of cybercrime and banks need to invest in technologies that strengthen and improve their security and that of their customers. Banks currently have technological tools at their disposal such as Latinia’s Subscription Rules Engine and Gateway that allow them to minimize the risk of digital fraud and establish protection strategies for their customers and lower threats,” says María José Echevarría, Business Manager for North Latam at Latinia.
The impact of cloud technology on cybersecurity
Another area that the IBM Security publication looks at is the impact of cloud technology and its maturity in terms of data breach security. As stated in
the report, 43% of the companies surveyed had not implemented practices to secure their cloud environments or were in the early stages of doing so. Some 34% were in the intermediate stage and 23% were already applying security practices uniformly across all domains, positioning themselves at the mature stage and thus achieving a lower-than-average cost of a data breach.
Paul O’Leary, a partner at the tax and consulting firm RSM, highlights “the importance of having regular staff training in place. These organizations should follow good practice information security guidance, such as the NIST principles, ISO 27001 information security management, the [UK] government’s NCSC 10 steps to cyber security and the cyber essentials scheme”.
“The IBM Security report shows that banks that have implemented artificial intelligence and security automation technology are further ahead in the game when it comes to identifying and containing cyber attacks than those that have not yet embarked on their digital transformation journey. For this reason, at Latinia we promote new technologies like the cloud so that our customers can quickly reach a mature stage of protection for their environments and can identify and contain data leaks,” concludes María José Echevarría of Latinia.