Would you trust your money to a bank if it had no vaults and no guards? Of course you do. You do it every day. With the digitization of banking and other financial services, customers cannot see all the defenses being used to protect their assets. There are no alarms nor armored cars, it is all 0’s and 1’s.

As we just released our Midyear Cybersecurity Report, I, along with every other banking customer am concerned about identify theft and loss of access to my accounts. Security breaches and data leaks make headlines every day.

Despite these concerns, online banking adoption continues to grow. In fact, 31% of U.S. adults prefer online banking, while 10% prefer using their mobile devices, according to a survey conducted for the American Bankers Association (ABA) by Ipsos Public Affairs, in 2014. It brings convenience and also helps banks reduce operational costs. However, this model is only sustainable if it is secure and consumers have confidence in that security. If not kept in check, cybercrime can taint the credibility of this growing financial model.

The average cost of a single successful attack: $20.8 million, according to Ponemon Data Breach Study. It’s not a small number. And your reputation loss?

Financially-motivated hackers that gain access to customer accounts or financial data can profit either by using it themselves or by selling it to other criminal organizations.

There is a network of cybercriminals operating across borders. It is notably difficult to track them, or even trace the money as they use cryptocurrencies such as Bitcoin. Even when they are eventually found, it may be difficult to arrest them and impossible to recoup lost assets.

I’ve heard this period in our history as a period in which we are all “time starved.” We want what we want and we want it now. Anything that steals time must be stopped. Extend this to the arena of cybersecurity and time is extremely important.   How long a bad actor is hacking into financial systems is one determinant in how much data can be syphoned off. How many identities can be stolen? The average time to detect a breach across all industries is 100-200 days. Cisco finds this unacceptable. In the recent Midyear Cybersecurity Report, Cisco documents that it has cut that time down to 14 hours. And we still think that is too long.

What is your time to detect a breach? What was it last year? What will it be next month? Time to detection is the new stealth guard at the door. I have to go. I want to check my balances and transfer some funds before I order dinner online. I hope they can deliver in less than 30 minutes….and I expect them to also protect my identity.


Leni Selvaggio

Global Senior Manager

Financial Services Industry