Cyberhacking incidents seen too costly for banks
A bank whose services are interrupted by cybersecurity threats will have to shell out a substantial sum to recover from an incident such as a malware attack, and will likely suffer double this remediation amount in terms of business losses.
This was the finding of IT security firm Kaspersky Lab in a recent study it published on the dangers posed by hackers on financial institutions amid a wave of security breaches that have plagued banks around the world.
In a statement, the Russia-based firm—known primarily for its anti-virus services—said that “an accident involving a bank’s online banking services costs the organization $1,754,000 (or P88 million at current exchange rate) on average.”
This, it said, was double the price of recovering from a malware incident, which cost an average of $825,000.
“The study shows that 61 percent of cybersecurity incidents affecting online banking come with additional costs for the institution targeted—including data loss, the loss of brand/ company reputation, confidential information becoming leaked, and more,” the firm added.
The report comes as the Philippine Senate is probing the recent disruption in services of Bank of the Philippine Islands where thousands of depositors saw their account balances mistakenly debited or credited with unauthorized transactions. Some clients saw their balances rise sharply due to deposits they did not make, but most saw their funds diminished by “double withdrawals.” BPI—the country’s third largest bank — stopped ATM and internet banking services for two days before the errors were corrected.
This was followed a few days later by a voluntary notice by the Philippines’ largest financial institution, BDO Unibank, that it would suspend access of some ATM cards which it had determined to have been compromised. Most recently, Security Bank also announced a minor disruption in services due to a so-called “glitch.”
Kaspersky urged financial institutions to consider the cost implications of cybersecurity threats and put appropriate measures in place to protect themselves and their customers from incidents involving online banking—particularly from so-called Distributed Denial of Service (DDoS) attacks, which can threaten online banking services.
