A Frost & Sullivan study commissioned by Microsoft reveals that despite financial services being a highly regulated industry, more than half (56%) of the organizations surveyed have either experienced a security incident (27%) or are not sure if they have had a security incident as they have not checked (29%). The study further reveals that over the last year, each cyberattack has cost large financial services companies in Asia Pacific an average of US$7.9 million in direct and indirect economic loss, and three out of five organizations have also experienced job losses resulting from cybersecurity incidents. For mid-sized financial services companies, the average economic loss due to a cybersecurity incident was US$32,000 per organization.
These findings are part of the “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” study which was launched in May 2018, and aims to provide business and IT decision makers in the financial services sector with insights on the economic cost of cybersecurity breaches and to help to identify any gaps in their cybersecurity strategies. The initial study involved a survey of 1,300 business and IT decision makers ranging from mid-sized organizations (250 to 499 employees) to large-sized organizations (>than 500 employees), and 12% of these respondents are from the financial services industry.
To calculate the cost of cyberattacks, Frost & Sullivan created an economic loss model based on insights shared by the survey respondents. This model factors in two kinds of losses which could result from a cybersecurity breach:
- Direct: Financial losses associated with a cybersecurity incident – this includes loss of productivity, fines, remediation cost, etc; and
- Indirect: The opportunity cost to the organization such as customer churn due to reputational damage.