Financial services cyber resilience: Room to grow

July 10, 2020

RESEARCH REPORT

In brief

Financial Services firms are moving in the right direction around security breaches, but Accenture's newest report finds room for improvement.
Top-notch firms are better at finding, preventing and remedying breaches, thanks to the right tech investments, training and greater collaboration.
Banks, capital markets firms and insurers face distinct challenges, but can take specific steps now to build better cyber security.

How well are Financial Services businesses defending against security breaches? Accenture's Third Annual State of Cyber Resilience survey of Financial Services finds successes, but room for growth.

Financial businesses previously had shown confidence—perhaps in some cases over confidence as breaches were trending down. Banks and capital markets firms continued to show improvement with 18 breaches in 2019 compared with 24 the previous year. Insurers experienced 30 successful 2019 breaches, compared to 52 the prior year. But compared to a set of top-notch financial firms—those highly proficient at cybersecurity, representing 12 percent of financial services survey respondents—more can be done.

What is best in class?

For non-leading financial firms, the Cyber Resilience survey finds the current average cost per attack is US$380,000. For top-notch firms, that cost may be reduced by as much as 72 percent, saving US$273,000 per breach. At an average of 22 incidents per year these savings add up to potentially $6 million annually for the average firm.

How is the elite group achieving these savings?

Elite financial firms' robust defenses give them several advantages:

Financial firms who've mastered cyber security are nearly four times better at stopping breaches.

These firms are four times more efficient in finding breaches faster.

Leading firms are nearly three times more effective at rapidly fixing breaches.

Firms with cyber security mastery are doubly effective at reducing a breach's impact.

Can other financial businesses—those outside the top-notch group—emulate this level of proficiency? They can, by homing in on three areas of focus:

1. Investing for speed

Leading firms invest for operational speed, with tools like Artificial Intelligence and Security Orchestration Automation and Response technologies.

2. Driving value from investments

These firms gain value by scaling their investments and by training and collaborating more, both internally and with outside partners.

3. Better at prioritizing budgeting

Elite financial firms focus budget allocations on sustaining what they already have, equipping the business to better handle the basics.

View All

Different industries, different headaches

Our Banking and Capital Markets report and our Insurance report offer immediate and long-term actions to help firms in all three areas. But the outlook for banks and capital markets is different than that for insurers.

We believe many banks and capital markets providers took the right steps following our 2018 report. As a result, they have shown improvement in reducing security breaches and have 40 percent fewer breaches than their insurance peers. Though they are becoming more effective at identifying and fixing breaches, they lag top-notch industry leaders in these key areas. Our latest State of Cyber Resilience for Banking & Capital Markets report outlines their most pressing concerns and offers immediate steps they can take.

For insurers, the story changes. They performed well from 2017 to 2018, building strong cyber security capabilities. They are also showing greater effectiveness at stopping breaches, about twice as effective as their banking and capital markets peers. But insurers increasingly are in criminals' line of site, with attacks against insurers more than doubling since our 2018 report. Our latest State of Cyber Resilience for Insurance report examines ways they can shore up their defenses to improve their speed at detecting and remediating breaches.

Building better cyber resilience

Does saving millions sound worthwhile? Like their top-notch peers, financial firms can take steps to invest for operational speed, drive value from new investments, enhance their training and cybersecurity collaboration, and work to sustain what they have. Learn how Accenture can help financial businesses drive down the cost of breaches.