Printed from BusinessInsurance.com

Banks have cyber blind spots at the top

Posted On: Jun. 6, 2016 12:00 AM CST

Twelve percent of banking CEOs have no idea whether their organization has been hacked in the last two years, according to a KPMG L.L.P. survey, which also found that the C-suite has a different view of cyber security than the next level of executives.

Executive vice presidents and managing directors were even less aware of cyber security, accounting firm KPMG said, with nearly half of the respondents saying they didn't know whether their bank had been hacked, while 72% of senior vice presidents and directors said the same.

“Banks are under an onslaught of attacks from bad actors,” Charlie Jacco, financial services cyber leader at KPMG, said in a statement, “so the fact that 12% of banking CEOs reported that they don't know if they've been compromised is troublesome. Cyber is a business bottom-line issue: a true CEO issue.”

Mr. Jacco went a step further saying that “all employees should know and be in lockstep on their bank's greatest vulnerabilities and concerns as it pertains to how that bank views cyber security.”

KPMG said that roughly one quarter of the CEOs surveyed said financial loss was the top concern in a data breach, with reputation, litigation and job security tying for second place. In contrast, most executive and senior vice presidents put reputation at the top, followed by financial loss.

“Disconnects around cyber strategy among senior executives can create great gaps in protections and deprioritize important tasks, exposing banks to increased cyber risks,” Jitendra Sharma, KPMG's advisory leader for U.S. financial services, said in a statement. “Naturally, banks are the top industry attacked by hackers due to the amount of funds flowing through the institutions. Since banks are under increased security pressures, it's more important than ever that they employ a strong, top-down internal strategy to better protect themselves against bad actors.”

In 2015 alone, banks and other financial institutions suffered 71 cyber breaches, according to the Identity Theft Resource Center.

The survey, released last week, polled 100 bank executives representing more than $20 billion in assets, and the results seem to mirror responses in similar studies.

Traverse City, Michigan-based Ponemon Institute L.L.C. recently reported that though 55% of respondents believe their organization has had a security breach, just 45% mandate training for employees. However, 29% didn't include the CEO or C-suite executives from the training.

A study by PricewaterhouseCoopers L.L.C. found that only about 40% of banking and capital markets directors were “very comfortable” with their cyber risk efforts and 38% of financial services directors said their board has discussed a cyber breach in the past year. Fourteen percent of financial services directors said they were very comfortable that their companies have identified potential attackers.

These percentages are especially poor considering that hacking can hazardous to an executive's career. Last month the head of Austrian aerospace parts maker FACC was fired after the company was hit by a cyber fraud that cost it €42 million ($47.1 million). FACC fired its chief financial officer in February soon after the cyber attack.