We can now add U.S. banks, insurers, money managers and other financial companies to the growing list of organizations spending more to protect and guard against the growing problem of cybersecurity. As reported by the Wall Street Journal this week, “Financial-services companies plan to bolster their cybersecurity budgets by about $2 billion over the next two years, according to accounting and consulting firm PricewaterhouseCoopers.”
“While Internet breaches have hit everyone from big-box retailers to the U.S. Postal Service, banks and investment firms are in the spotlight because they have been attacked frequently and handle reams of sensitive client data, including millions of checking and savings accounts. Banks’ response has been to spend more. Citigroup Inc. ’s annual cybersecurity budget has risen in recent years to more than $300 million, people familiar with the bank said.” (Emphasis added).
“Overall, the number of financial firms reporting losses of more than $10 million from cybersecurity incidents increased more than 140% from a year ago, according to the PwC report. Financial-services companies accounted for 34% of all breaches in 2013, almost three times the percentage of the public sector, which garnered the next highest reading, according to the Verizon 2014 Data Breach Investigation report.” (Emphasis added).
Considering the risks involved and the highly sensitive and private nature of the information handled, stored and processed by these firms, this is definitely welcome news. It is also, however, a sign of things to come and an unwelcome indicator of the current threat level that companies in all industries face. Cyberthreats are real, they are increasing, and they can be devastating to consumers and the companies who serve them. Organizations across the spectrum would be well served to conduct their own risk analysis and dedicate whatever resources are needed to address these threats and ensure to the best extent possible the privacy and security of the information they are entrusted with.