Malicious insider attacks are the most expensive and lengthy attacks to resolve for financial services firms

Published: Wednesday, 17 July 2019 06:51

The cost to address and contain cyber attacks is greater for financial services firms than for companies in any other industry and the containment costs continue to rise, according to a report from Accenture and the Ponemon Institute. 

The report, ‘Unlocking the Value of Improved Cybersecurity Protection’, examines the costs that organizations incur when responding to cyber crime incidents and applies a costing methodology that allows year-over-year comparisons. It found that the average annualized cost of cyber crime for financial services companies globally has increased to US$18.5 million — the highest of all industries included in the study and more than 40 percent higher than the average cost of US$13 million per firm across all industries. The analysis focuses on the direct costs of incidents and does not include the longer-term costs of remediation.

Malicious insider attacks are the most expensive type of attack for financial services firms to resolve, at US$243,000 per attack, and also take the longest time for the firms to resolve, at 55.1 days on average — significantly higher than the time to contend with ransomware (33.8 days) or web-based attacks (25.9 days).

The report notes that only one-third (34 percent) of firms are deploying automation, artificial intelligence (AI) and machine learning to help combat cyber threats. This is especially discouraging, because the study found that, when fully deployed, these technologies deliver the largest cost savings for an organization’s security efforts. Similarly, only 24 percent of firms are making extensive use of cyber analytics and user behavior / behaviour analytics, despite similarly high cost savings for these technologies. This suggests that financial services firms are struggling to keep up with the rapid pace of new technologies and, as a result, it’s difficult for them to make investments that increase their operational efficiency.


The study, conducted by the Ponemon Institute on behalf of Accenture, collected data from 2,647 interviews conducted over a seven-month period from a benchmark sample of 355 organizations in 11 countries. The financial services industry data was collected from 537 interviews from a benchmark sample of 72 financial services companies in Australia, Brazil, Canada, France, Germany, Italy, Japan, Singapore, Spain, the UK and the US.  The study represents the annualized cost of all cyber crime events and exploits experienced over a one-year period from January 1, 2018 to December 31, 2018. These include costs to detect, recover, investigate and manage the incident response; costs that result in after-the-fact activities; and costs related to efforts to contain additional expenses from business disruption and the loss of customers.