Financial Services Blog Series: Cyber Security – The Biggest Risk Isn’t the Loss Itself, But the Reputation

Some of you may remember the name Ray Tomlinson. If you’ve never heard of him or can’t recall the name, suffice it to say that he’s had a profound impact on your life. Recently deceased, he is the programmer credited with inventing ‘email’ back in 1971, when he sent an email to himself from one computer to another across a network known as ARPANET. Not surprisingly, given Tomlinson invented email, he is also the person who turned the world’s first computer virus, “Creeper”, into a self-replicating program and then developed a reactive antivirus program called “Reaper” to delete it. This would prove to be just the first of many thousands of virus-laden programs that would spawn in the coming decades.

Cyberattacks have occurred throughout the history of the internet and have impacted businesses of all shapes and sizes. Who remembers ILOVEYOU, Sobig and MyDoom, or, more recently, WannaCry? Hackers also targeted companies such as Yahoo, Target and Home Depot in 2013, Equifax in 2017 or Facebook in 2019, exposing PII and PFI data to malicious actors.

Several studies (mostly by Cyber Security suppliers) suggest that Banks and Financial Services are among the industries hardest hit in terms of trust after a breach. One study by Varonis (editor's note: Varonis is a Cyber Security firm) surveyed 1,000 people and found that only 17% would continue to do business with a Bank that had experienced a cyber security breach vs. 47% for retail shopping (e.g. Target). Given the competitive landscape banks face today, that is not an acceptable loss of trust.

Cyber Security and Financial Services

The Financial Services Industry's (FSI) reliance on IT to store and process information has increased significantly. Within that context, it is no surprise that this industry experiences a disproportionate 35% of all data breaches, earning it the unflattering title of the most-breached sector on the planet. These security breaches are expensive, with the average cost per stolen record estimated to be $245 according to Finyear.

NET(net) sees FSI clients do the following 3 things to cultivate a robust security posture:

  • Secure Executive leadership and Board involvement – Draft policies, procedures and contractual provisions regarding the discovery, investigation, remediation and reporting of breaches.
  • Raise Cyber Security profile beyond the IT department – Implement a solid security organizational structure and reporting procedures for Cyber Security operations.
  • Align cyber risk management with business strategy – Ensure the right insurance coverage for various types of cyber risks is in place.

A reactive approach to Cyber Security is no longer enough, and a proactive stance is essential for efficient threat prevention. The Financial Services industry continues to invest in data security capabilities, which has been fueling the increase in global security spending to a whopping $124B USD in 2019. By the way, this is a 35X increase from 2004, when the global Cyber Security market was worth $3.5B USD.

Banks, Insurance Companies, Investment Managers and other Financial Services companies spend between 6% and 14% of their annual IT budget on Cyber Security, or roughly $2,300 per FTE, according to a Deloitte study. In addition, the study finds that higher Cyber Security spending doesn't necessarily translate into a higher Cyber Security maturity level.

Do the Homework Before Investing

Cultivating a robust security posture includes a decision on how these endpoints are managed; generally speaking, this is either by way of various Software solutions, a Managed Security Service or a combination of both. Regardless of the decision, the financial investment to purchase and implement these solutions, together with the increase in resource capabilities required to manage information security as a whole, is significant.

Top considerations for FSIs investing in Cyber Security:

  • Understand the cost implications and resource requirements based on the number and type of endpoints that are in scope for management and monitoring
  • Align organizational expectations to ensure that all stakeholders involved understand the impact before the RFP process starts
  • Investigate the impact the supplier decisions and resulting long term partnership have on current operations
  • Identify supplier differentiators as input to the RFP long list
  • Avoid overcomplicating the process with content that is not needed
  • Ensure the sheer number of capabilities in this crowded category work to your advantage

Measuring the effectiveness of such an investment is a challenge because most companies treat this more like an insurance policy than a business project. All the more reason to focus on maximizing the cost and value of that investment in Cyber Security.

NET(net) has guided Banks and Financial Services companies down this path and has the experience and expertise to ensure investments are optimized, risks are mitigated, and there is a long-term plan in place that enables maximum flexibility as the business requirements change.  Unless you’ve bought your own Cyber Security company, ‘going it alone’ is no longer an option.  The C-suite, Board members and shareholders will hold you accountable in the end if every available resource wasn’t utilized in developing and deploying your security plans.  As always, contact us for a conversation on how we may be able to help.

About NET(net)

Founded in 2002, NET(net) is the world’s leading IT Investment Optimization firm, helping clients find, get and keep more economic and strategic value. NET(net) has over 2,500 clients around the world in nearly all industries and geographies, and the experience of over 25,000 field engagements with over 250 technology suppliers in XaaS, Cloud, Hardware, Software, Services, Healthcare, Outsourcing, Infrastructure, Telecommunications, and other areas of IT spend, resulting in incremental client captured value in excess of $250 billion since 2002. NET(net) has the expertise you need, the experience you want, and the performance you demand. Contact us today at, visit us online at, or call us at +1-866-2-NET-net to see if we can help you capture more value in your IT investments, agreements, and relationships.

NET(net)’s Website/Blogs/Articles and other content is subject to NET(net)’s legal terms offered for general information purposes only, and while NET(net) may offer views and opinions regarding the subject matter, such views and opinions are not intended to malign or disparage any other company or other individual or group.
