Ironically, “hippopotomonstrosesquippedaliophobia” is not only a fear of long words but also one of the longest words in the dictionary. There’s a much shorter word that the financial world has been fearing, though — cybercrime.
This is a warranted fear, particularly given that one statistic suggests that if cybercrime were measured as a country, it would be the third-largest economy, after the US and China. Cybercrime is predicted to cost the world $9.5T in 2024 alone, and its potential impact is mind-boggling: the average breach in the financial sector costs over $6MM. Financial industry data breaches are second only to healthcare in a ranking of data breach costs among 17 industries, and, of course, can have a catastrophic impact on a financial institution’s operations and reputation.
It’s therefore unsurprising that community bankers continue to rank cybersecurity as the highest internal risk to their banks, with 96% of those surveyed in the 2024 Conference of State Bank Supervisors’ (CSBS) Annual Survey of Community Banks rating it as “very” or “extremely important” and the biggest challenge to new technology adoption. What’s more, almost two-thirds of respondents to Bank Director’s 2024 Tech Survey are more concerned about digital fraud than they were a year ago.
The FDIC’s 2024 Risk Review highlights the key operational and cyber risks facing financial institutions:
- Operational risks to banks remain critical as cybercrime evolves. Although the digitalization of finance can create new opportunities for financial institutions, it can also increase exposure to financial risks and cybercrime. Technology advances are also resulting in an increase in the sophistication of attacks.
- Ransomware and supply chain attacks are key risk areas. The resulting disruption to core banking activities and operations, as well as the risk to customer data, can severely impact customers’ trust and confidence in an institution. There is also an increased risk of supply chain attacks as more community financial institutions (CFIs) engage in third-party partnerships to provide technological solutions.
- Geopolitical events have sparked a rise in cyberattacks on banks and infrastructure. These include politically motivated attacks targeting US and European entities, in particular.
- Check fraud continues to rise despite a decline in check usage. As we highlighted in a BID earlier this year, check fraud has far-reaching implications for CFIs and their customers. A majority of respondents (80%) to Bank Director’s 2024 Tech Survey indicated that they are more concerned about check fraud than any other type of fraud.
- The adoption of quantum computing and generative AI could pose significant risks to critical infrastructure. Quantum computing could render existing encryption useless, while generative AI is increasingly being used to create realistic fake identities, complicating authentication processes for financial institutions.
How To Prepare for and Prevent Cyberattacks
With cybercriminals using increasingly sophisticated tactics to steal sensitive information, CFIs must remain vigilant and continuously adopt strong cybersecurity measures. Implementing a comprehensive, organization-wide strategy that engages the whole team and utilizes multiple layers of protection to effectively counter cyber threats is crucial. Here are some top tips to do this.
- Provide regular, ongoing cyber-risk awareness training. Employees are an important line of defense against cyberattacks, but also often the weakest link — human error is responsible for over 90% of breaches, according to IBM. Educating staff on what to look out for, modeling training after real-world examples, and having clear protocols on how to respond to threats can enhance engagement and improve outcomes.
- Assess third-party risk and security. As CFIs increasingly rely on third parties for certain services and products, it is important to assess all vendors carefully to ensure they have strong cybersecurity practices in place and are accountable for any breaches. This should help mitigate risks from criminals exploiting vulnerabilities across the supply chain.
- Implement strong mobile and network security measures and cybersecurity practices. Measures should include strong password policies, multi-factor authentication, encryption, VPN connections for remote access, firewalls, and antivirus software. CFIs should also regularly update all operating systems, applications, and software.
- Employ robust threat detection and response tools. These tools could help prevent ransomware attacks or reduce the resultant financial losses and reputational damage of a successful attack. Intrusion detection systems and network monitoring could make it easier to detect and address cyber incidents. Regularly backing up important data — and storing it securely — will further help to protect it from ransomware or allow for easier restoration after an attack.
- Develop an incident response plan. Should a breach occur, having a plan in place to ensure a fast, efficient, and effective response is essential. The plan should outline key staff responsibilities, identify critical systems and how to restore them, and detail communication protocols during and after a cyber incident. Given how quickly cybercrime is evolving, it’s also crucial to review and update the plan regularly.
CFIs are a prime target for cybercriminals. To best protect themselves and their customers and ensure business continuity in the event of a cyberattack, CFIs should have a comprehensive and integrated cybersecurity strategy in place, supported by a sound incident response policy and regular staff training.