But, for community banks and credit unions, the stakes are even higher.
Financial institutions hold important data, and criminals know it.
Banks need to have cybersecurity controls in place to detect and prevent attempts to steal customer and business data for 5 main reasons.
1. Breaches Can Damage A Bank’s Reputation
The public finds it hard enough to trust financial institutions: the latest Financial Trust Index, released in early 2021, reported “a decrease in public trust in financial institutions to approximately 31.3 percent, after reaching its highest level in 2019, at 33.3 percent.”
Don’t make things worse by leaving your bank open to a data breach.
Mitigate opportunities for cybersecurity incidents.
2. Banks Face Penalties For Failing To Achieve Compliance
Penalties for non-compliance can be steep.
Not only might banks have to pay for ransomware attacks and the cost of remediation, they may also be subject to fines.
While no data is available as of this writing for smaller institutions, the Office of the Comptroller of the Currency (OCC), an independent bureau of the U.S. Department of the Treasury, issued approximately $625 million in fines against national banks in October 2020 as a result of cybersecurity failures.
Compliance blunders could also result in increased oversight.
3. Consumers Don’t Want To Waste Time And Money
Consumers stand to lose time and money when a bank's data is breached.
Some of the time, any fraudulently spent money (from a debit card or bank-issued credit card) can be partially or fully recovered.
But, untangling the actions resulting from a bank’s data breach is time-consuming, stressful, and full of pressure.
No person wants to hear that their data could be in the hands of hackers and that they need to cancel cards, check statements, and keep their eyes open for complications.
Banks can help customers protect themselves by regularly reminding them to update their credentials—compromised credentials are the most common attack vector, per IBM.
4. Sensitive Consumer Data Is Desirable
The consumer side of handling a bank data breach can be difficult and complicated enough without mentioning the worst part: private data is in the wrong hands.
Even if credit and debit cards are canceled and fraud is thwarted, consumer data is sensitive and could reveal information that could be used against a person, all for just $150 per record, according to IBM.
It's not easy for a consumer to find a good night's sleep knowing that their private data has been stolen and is now floating perilously outside of their control.
Still, consumers can take precautions to avoid their compromised data being useful on the dark web:
Use strong passwords.
Use a different password for each site.
Regularly change your passwords.
Use a password manager.
Use multifactor authentication.
Meanwhile, a financial institution can also enforce these security controls (and more, such as migrating to the cloud) within their organization to protect their customers.
5. Banks Are Cybercrime Targets
Banks are targets for cybercrime because of the sheer amount of sensitive data they possess.
In fact, Varonis has found that a financial services employee has access to, on average, 13% of a company’s total files. “Even employees in the smallest firms have unrestricted freedom to view, copy, change, and delete data for over half a million files,” the report states.
Banks may find it challenging to boost their cybersecurity posture using only their internal resources. That’s why it often makes sense to work with an outside partner to secure sensitive data and detect and respond to cybersecurity incidents on behalf of the institution. Consider working with a managed security services provider that specializes in financial services to help strengthen your bank or credit union’s cybersecurity measures.