Online Security Incidents Cost Banks £1.4 Million A Pop

A security incident involving a bank’s online banking services costs the affected organisation an average of $1,754,000 (£1,371,000), according to a Kaspersky Lab report.

The study investigated cyber threats in the financial industry and found that 61 per cent of incidents affecting online banking come with additional costs, such as confidential data leakage and the loss of brand reputation.

Surprisingly, the figure is double the price of recovering from a malware attack, which costs as much as $825,000 (£645,000) on average to resolve.

Rising costs

Financial organisations are particularly at risk from Distributed Denial of Service (DDoS) attacks, which are often designed to seriously damage banking websites as shown by the attack which caused an outage at an outage at Lloyds Banking Group.

And, when hit by DDoS attacks, customer-facing services suffer more damage and are more expensive to recover in banking than in any other sector.

For example, nearly half (49 percent) of banks that have suffered a DDoS attack have had their public website affected (compared to 41 per cent of non-financial institutions) and 48 per cent have had their online banking affected when they’ve been targeted by DDoS.

Furthermore, a DDoS attack can cost a financial organisation $1,172,000 (£917,427) to recover from, compared to $952,000 (£745,000) for businesses in other sectors.

Despite this cost, DDoS only ranks third in the types of attacks banks worry about the most with regards to their online banking services. Concerns about malware and targeted attacks take the top two spots.

“In the banking sector reputation is everything, and security goes hand-in-hand with this,” said Kirill Ilganaev, head of DDoS protection at Kaspersky Lab. “If a bank’s online services come under attack, it is very difficult for customers to trust that bank with their money, so it’s easy to see why an attack could be so crippling.

“If banks are to protect themselves effectively from the price tag of an online banking cyber security incident, they first need to become more prepared for the dangers DDoS attacks pose to their online banking services. This threat should be featuring higher on banks’ security priorities.”

Are you a security pro? Try our quiz!