Business is business. That means that business decisions often come down to pure dollars and sense, and result in actions and policies that seem to defy common sense. According to a new survey from Kaspersky Lab, that seems to be the case for many financial institutions when it comes to defending against cyber attacks.
Kaspersky Lab reports that 93 percent of financial institutions experienced some form of cyberthreat during the past year. Despite that clear and present danger, though, a fairly large percentage are still not doing enough to proactively protect customers against such attacks.
Consider other businesses faced with similar ethical dilemmas. The fans of a professional sports franchise want that franchise to win…a lot. All the time. But the franchise is a business, and it is very easy to run a profitable business by fielding a mediocre team. Last year the Houston Astros team was the worst in all of Major League Baseball, and it was the most profitable franchise in the history of the sport.
Manufacturers also go through a similar exercise. Defects or issues might be identified during development or production, but rather than rush to fix them the company will weigh the cost of fixing the problem against the likelihood that it will be a big enough issue for customers to complain, and what that might end up costing. In most cases, a company will take the gamble—running the risk of potential backlash later instead of accepting the guaranteed cost of actually dealing with the problem proactively.
That seems to be the situation financial services organizations find themselves in. They’re aware of the threats they face. They understand the risks. They know how to defend against those threats more effectively. Ultimately, though, they weigh the potential cost of reacting to an incident against the guaranteed cost of proactively defending against it, and take the gamble instead.
The one thing that isn’t really factored into that equation, though, is reputation. It might be cheaper to cover customers’ losses in the event of a breach than it is to implement security measures to guard against the breach in the first place, but once customer confidence is damaged it can have massive repercussions for the business.
According to the Kaspersky Lab survey, 74 percent of companies choose a financial institution based in part on its security reputation, and more than 80 percent would consider leaving a financial organization that suffered a data breach. Among consumers, Kaspersky Lab found that six out of ten prefer to do business with financial organizations that offer additional security measures to protect their data, and their money.
The good news is that more financial institutions appear to be recognizing the broader existential impact of a data breach. Kaspersky Lab found that 47 percent of financial companies think that loss of credibility/damage to reputation as a result of a data breach is the worst consequence to the company.
"While it is encouraging that financial services organizations recognize the damage to their reputation that can result from a cyberattack, it is concerning that many firms have not taken the necessary steps to implement proper security,” summed up Ross Hogan, global head of the Fraud Prevention Division for Kaspersky Lab. “We are seeing more and more cyberattacks targeting financial organizations and while many will take action to reimburse the financial losses as a result of cybercrime, the damage done to a financial organization’s reputation isn’t as easy to repair.”
To learn more, take a look at the full Kaspersky Lab IT Security Risks Survey 2014 Financial Security Report.