Financial Services Cybersecurity Statistics in 2024
Posts by Kelly IndahOctober 26, 2023
The global pandemic hastened the conversion from traditional formats to digital options.
This was particularly relevant for financial services as the majority of them needed to digitize to survive.
While this enabled customers to continue using their services, the speed of the transfer meant that cyber security measures were not as strong as they could be.
In short, as the following financial services cybersecurity statistics will show, the industry became a prime target for cybercriminals.
The result has been rapid investment by financial institutions into cybersecurity.
Alongside protecting data files, the industry is also looking at all possible hacking options and devising defenses against them.
Key Statistics
The financial services sector is heavily invested in fighting cybercrime at all levels.
The following statistics show why they need to be.
- There was a 238% increase in financial services cyberattacks in the first 6 months of 2020
- The average financial services employee can access 11 million data files on their first day of work
- There are over 700 cyberattacks on financial firms per week
- 71% of financial services have seen an increase in wire transfer fraud
- 74% of industries in financial services have been victims of ransomware
- 43% of cyber attacks in the financial sector target small businesses
- The average cost of financial services data breaches is $5.72 million
- The first half of 2020 saw 36 billion records exposed
- 30% of financial cyberattacks are a result of insider threats
- 70% of financial institutions think cyberattacks are the biggest threat to their business
Top Financial Services Cybersecurity Statistics in 2024
1. There Was A 238% Increase In Financial Services Cyberattacks In The First 6 Months Of 2020
In 2021 VMware commissioned a report to find out how serious an issue cybersecurity is for the financial industry.
The report found an incredible leap of 238% in the number of attacks.
That was just in the first six months of 2020. In 2021, the same percentage increase was shown between February and April 2021.
It suggests the issue is steadily getting worse.
Indeed, 80% of financial businesses reported an increase in cyberattacks, showing that the cybercriminals are attacking anything they can.
(VMWare Carbon Black Report)
2. The Average Financial Services Employee Can Access 11 Million Data Files On Their First Day Of Work
The fact that a new employee can access 11 million data records on their first day in the job makes you question how much vetting every employee has.
After all, with so many data records accessible on day one, it probably only takes a matter of weeks to have access to billions of records.
Any cybercriminal could potentially be employed by a business just to steal their data.
That’s why many companies struggle to hire new employees. It can be hard to know who to trust.
(Varonis)
3. There Are Over 700 Cyberattacks On Financial Firms Per Week
In a clear sign that the financial services cybersecurity is dealing with a huge problem, it’s important to note there are over 700 cyberattacks on financial firms per week.
The study showed that there were 50% more attacks each week in 2021 as compared to the same period in 2020.
That’s a significant increase, especially if businesses aren’t ready for cyberattacks.
(Check Point)
4. 71% Of Financial Services Have Seen An Increase In Wire Transfer Fraud
Cybercriminals will use a variety of methods to access financial records and extract funds.
One of the most popular at the moment is wire transfer fraud. That’s because it can be very difficult to trace the funds.
This approach has increased significantly in the last 12 months.
In fact, reports suggest 71% of financial institutions have experienced more wire transfer fraud attempts than in previous years.
(VMWare)
5. 74% Of Industries In Financial Services Have Been Victims Of Ransomware
Ransomware is another very popular approach by cybercriminals.
All they need is access to your system, this allows them to encrypt your data files. It’s highly unlikely that you’ll be able to work out the encryption code.
That means, to get your data back you need the hackers to unencrypt it. They do this for a fee.
Financial services companies can pay the ransom and regain their data, or disconnect from the network, find the encryption key, and unlock the data.
Unlocking the data is usually difficult and time-consuming, that’s why many companies simply pay the ransom.
In fact, the report shows that 63% of businesses attacked by ransomware will pay the ransom to restore their data.
(VMware)
6. 43% Of Cyber Attacks In The Financial Sector Target Small Businesses
Small businesses often feel they are less likely to be targeted.
After all, they don’t have the same number of financial and personal records as the biggest financial institutions.
Unfortunately, small businesses also don’t have the same budget to protect them against cybersecurity threats.
In general, hackers will have more luck getting data records from a small business than they will from a large one.
That makes small businesses an attractive target, which is why the latest figures show 43% of cyber attacks within the financial sector target small businesses.
(VMware)
7. The Average Cost Of Financial Services Data Breaches Is $5.72 Million
Data breaches cost a business and its insurers money. Any financial data stolen allows the cybercriminals to remove funds from business and customer accounts.
It can even allow them to steal identities and access more money.
However, that’s not the only way in which data breaches cost financial institutions money.
When a breach happens the company has a duty to report it.
That means customers know and they will lose confidence in the business.
This will result in customers using a different service in the future. This can have a significant impact on the bottom line.
The latest IBM report shows that the average business will lose $5.72 million after a single data breach.
(IBM)
8. The First Half Of 2020 Saw 36 Billion Records Exposed
Just one successful cyberattack can release millions or even billions of data records.
It all depends on which financial institution has been hacked.
With over 700 financial services attacks every week, it’s inevitable that some will succeed.
That’s why according to the latest IBM report, the first half of 2020 saw an astonishing 36 billion data records hacked, with their details exposed.
(IBM)
9. 30% Of Financial Cyberattacks Are A Result Of Insider Threats
Insider threats cover any employee of a business who has a legitimate right to access data records.
In most cases employees use this access to get their job done.
However, in some cases the data is exposed, either accidentally or intentionally.
Doing so consists of a data breach but it’s been caused by someone within the company.
The name for this is an insider threat.
Unfortunately, according to the latest Verizon report, this happens in 30% of cyberattacks.
Insider threats cost the financial industry $14.5 million a year and the figure is increasing.
(Verizon)
10. 70% Of Financial Institutions Think Cyberattacks Are the Biggest Threat To Their Business
A review of supervisors within the industry noted that 70% of them feel cyberattacks are the biggest threat to the survival of their business.
This perception is directly related to the increase in number and complexity of cyberattacks.
It’s increasingly difficult for a financial institution to ward off all attacks.
That’s despite spending more than any other industry fighting cyberattacks.
(Conference Of State Bank Supervisors)
The Most Common Cyberattacks
Every business within the financial services sector should be aware of the most common forms of cyberattack.
It will help you be prepared to defend against them.
Phishing
Phishing remains one of the most popular ways to hack any network, financial or otherwise.
The usual approach is to send an email which looks like genuine communication.
This advises the target that their account has been compromised but their funds are safe.
It then requests you verify your account activity and provides a link allowing you to log in.
The email and the website which the link takes you to, look genuine. Unfortunately, they are not.
When entering your login details you are actually giving them to the hackers.
They can then use this to enter your system and steal all the data.
Ransomware
This is another very popular approach. It relies on the businesses’ need to keep a data breach secret.
After all, revealing one has occurred is bad for business.
The ransomware attack is often launched through an email. This time, when you click the link it installs software without you knowing it.
The cybercriminals then use the software to hack your computers and encrypt the data.
You can’t use the systems and the hackers may even threaten to release the data.
It can only be unencrypted with a key, and you have to pay the ransom to get this.
This approach is becoming increasingly common and is surprisingly effective.
Over half of the financial institutions pay the ransom.
DDoS Attacks
A Distributed Denial Of Service attack is when hackers send fake connection requests to a company server. This seems harmless.
However, when enough requests are sent at the same time, the server can’t handle them all.
It is effectively forced to go offline, depriving customers access to their accounts. It can cause a significant amount of damage to a company’s reputation.
The hackers will either offer to resolve the DDoS for a fee, effectively making it a ransom demand.
Or, they will launch a DDoS with the aim of distracting the cybersecurity team, potentially allowing them to hack the system differently.
This has also become a popular option as financial services have noted a 30% increase in DDoS attacks within the last 12 months.
Password Hacking
If you take cybersecurity seriously all your employees will use a designated and reputable password manager, such as NordPass.
This is designed to generate the passwords for you, ensuring they are strong passwords.
Users only need to remember one password to get into the password manager and access all their other passwords.
Strong passwords have at least 12 characters. These include lower and uppercase letters, numbers, and even special characters.
Weak passwords, which don’t have the above criteria and have a relevance to your daily life, are surprisingly easy to hack, allowing a cybercriminal access to your sensitive financial information and other data records.
Supply Chain Attacks
A supply chain attack happens when cybercriminals manage to hack a third party that you deal with regularly.
This is surprisingly common as financial services’ third-party associates are often less rigorous in their approach to cybersecurity.
This makes it easy for hackers to get into their systems and then, indirectly, hook into yours.
They use the third-party credentials as they are allowed into your system.
From there, the hacker can help themselves to sensitive data, often from more than one financial institution.
It’s important that all third parties are properly checked to ensure they are using the most secure networks possible.
Summing Up
The financial services cybersecurity statistics paint a grim picture.
The industry is struggling with waves of attacks, some of which are inevitably successful.
That’s what makes it essential that all personnel are vigilant about security threats and take the necessary action.
To ensure this happens, all employees should be aware of the statistics, what the most common threats are, and how they should react.
That’s the best chance of reducing the number of successful attacks in the future.