A study IBM Security and conducted by Ponemon Institute found that the average cost of a data breach globally is $3.86 million, a 6.4 percent increase from the 2017 report.
There seems to be a constant supply of news stories involving high-profile, high-impact criminal cyber activity. More often than not, the data breaches that we hear about occur at large businesses or global organizations. This leads many people to think that it’s only those big companies who are at risk of being attacked. They incorrectly assume that today’s cybercriminal is always looking for a giant financial payout or a huge cache of personal data. But the reality is that small and mid-size businesses (SMB) are actually at greater risk.
Like the GDPR before it, the CCPA is getting a lot of attention because of the rights California residents will have to access data held by companies, to have that data removed, and to prohibit the sale of personal data. The new law, which does not go into effect until 2020, also creates the potential for some eye-popping payments directly to consumers impacted by a breach.
The current approach to cybersecurity within the financial services industry is flawed. With regulations such as the new General Data Protection Regulation (GDPR) and New York State’s DFS Cybersecurity Regulation being enforced, putting ever greater pressure on data protection, combined with the fact that the financial services industry is one of the most targeted, regulatory and consumer eyes alike are firmly on financial institutions to improve their cybersecurity processes and models.
Cybercriminals are leveraging ransomware threats to extort big money from organizations of all sizes in every industry, but financial services organizations are one of today’s primary targets. It is non-negotiable for financial services companies to maintain the privacy of theirs customers and the security of their confidential data. If a bank or credit union is hit with a ransomware attack, significant backlash is undoubtedly going to ensue – especially if customer data is held ransom for a significant amount of time.
