Cost of Cyber Crime: Financial Services

1. COSTOF CYBERCRIME STUDY INSIGHTSONTHE SECURITYINVESTMENTS THATMAKEADIFFERENCE INFINANCIALSERVICES

2. SECURITY BREACHES CONTINUE TO PLAGUE FINANCIAL SERVICES Average annualized cost of cyber crime (USD) $18.28Average number of security breaches each year 125 +9.6%Increase in the last year … AND THE COST OF BREACHES CONTINUES TO RISE … FINANCIAL SERVICES IS SLIGHTLY BETTER THAN GLOBAL PEERS Average number of security breaches each year 130 Copyright © 2018 Accenture Security. All rights reserved. 2 Source: Cost of Cyber Crime 2017, Accenture and the Ponemon Institute, September 2017

3. 5.04 5.07 6.47 7.10 7.34 7.36 8.28 9.30 10.22 11.05 12.47 13.17 14.46 17.20 $18.28 $0 4 8 12 16 20 Hospitality Education Life science Communications Consumer products Transportation Public sector Retail Industrial/manufacturing Services Healthcare Technology and software Aerospace and defense Utilities and energy Financial services Average annualized cost by industry sector US$ millions Legend n = 351 interviews in the Financial Services Industry Total annualized cost ($1 million omitted) Copyright © 2018 Accenture Security. All rights reserved. 3 FINANCIAL SERVICES HAS THE HIGHEST COST OF CYBER CRIME Source: Cost of Cyber Crime 2017, Accenture and the Ponemon Institute, September 2017

4. Copyright © 2018 Accenture Security. All rights reserved. 4 IN FINANCIAL SERVICES, DENIAL OF SERVICES, PHISHING & SOCIAL ENGINEERING ARE THE TWO MOST COSTLY ATTACK TYPES Average cost per attack $ thousands Legend n = 351 interviews in the Financial Services Industry 1,015 5,462 43,034 87,460 89,686 114,700 169,059 196,610 $227,865 $0K 50 100 150 200 250 Botnets Malware Stolen devices Malicious code Ransomware Web-based attacks Malicious insiders Phishing & social engineering Denial of services Source: Cost of Cyber Crime 2017, Accenture and the Ponemon Institute, September 2017

5. Copyright © 2018 Accenture Security. All rights reserved. 5 MALICIOUS CODE AND MALICIOUS INSIDERS CONTINUE TO TOP THE LIST – TAKING THE LONGEST TO RESOLVE Length of time to resolve an attack in days Estimated average time is measured for each attack type in days Legend n = 351 Interviews in the Financial Services Industry FY 2016 FY 2017 2.8 6.2 14.7 14.7 20.0 26.0 23.9 58.8 65.8 1.8 4.3 13.2 15.0 19.9 23.0 25.0 58.8 56.7 0 Days 10 20 30 40 50 60 70 Botnets Malware Stolen devices Denial of service Phishing & social engineering Ransomware Web-based attack Malicious insiders Malicious code Source: Cost of Cyber Crime 2017, Accenture and the Ponemon Institute, September 2017

6. Copyright © 2018 Accenture Security. All rights reserved. 6 DETECTION ACCOUNTS FOR 41% OF SECURITY COSTS FOR FINANCIAL SERVICES COMPANIES … 16 Containment 19 Recovery 13 Investigation 41 Detection 11 Incident Management and Ex-post Response Percentage cost by internal activities Legend n = 351 interviews in the Financial Services Detection Containment Recovery Investigation Incident management and ex-post response Source: Cost of Cyber Crime 2017, Accenture and the Ponemon Institute, September 2017

7. Copyright © 2018 Accenture Security. All rights reserved. 7 … BUT INFORMATION LOSS IS ONE OF THE MOST EXPENSIVE CONSEQUENCES OF CYBER ATTACKS IN FINANCIAL SERVICES Percentage cost by consequence Legend n = 351 interviews in the Financial Services Industry Business disruption Information loss Revenue loss 52 Information Loss 13 Revenue Loss 35 Business Disruption Source: Cost of Cyber Crime 2017, Accenture and the Ponemon Institute, September 2017

8. Copyright © 2018 Accenture Security. All rights reserved. 8 SPENDING LEVELS BALANCED FOR KEY SECURITY TECHNOLOGIES – AI-BASED 3RD & ADVANCED ANALYTICS 4TH FOR COST SAVINGS +1 -1 +1 -1 = = +1 -1 = 0 1 2 3 4 5 6 7 8 9 Automated policy management Enterprise deployment of governance, risk & compliance Extensive use of data loss prevention Extensive deployment of encryption technologies Advanced perimeter controls Extensive use of cyber analytics and user behavior analytics Automation, orchestration and machine learning (AI-based) Advanced identity and access governance Security intelligence systems Value gap Rank orderings by spending levels and cost savings Legend 1 = Highest rank 9 = Lowest rank Rank by percentage spending Rank by cost savings Source: Cost of Cyber Crime 2017, Accenture and the Ponemon Institute, September 2017 Note: Artificial Intelligence = AI

9. Copyright © 2018 Accenture Security. All rights reserved. 9 … ONLY 26% HAVE DEPLOYED AI-BASED SECURITY TECHNOLOGIES AND 31% ADVANCED ANALYTICS 26 29 31 52 55 55 62 67 71% Automation, orchestration and machine learning (AI-based) Automated policy management Extensive use of cyber analytics and user behavior analytics Extensive use of data loss prevention Enterprise deployment of governance, risk & compliance Extensive deployment of encryption technologies Advanced perimeter controls Advanced identity and access governance Security intelligence systems 0% 10 20 30 40 50 60 70 Nine key security technologies deployed in Financial Services Legend n = 351 interviews in the Financial Services Industry Percentage deployment frequency Source: Cost of Cyber Crime 2017, Accenture and the Ponemon Institute, September 2017

10. Copyright © 2018 Accenture Security. All rights reserved. 10 PRIORITIZE BREAKTHROUGH INNOVATIONS LIKE AI AND ANALYTICS Organizations should: 1. Better balance investments in security technologies 2. Use compliance technology—but don’t bet the business on it 3. Grasp the innovation opportunity 1 2 3

11. Copyright © 2018 Accenture Security. All rights reserved. 11 WE RECOMMEND THREE STEPS TO IMPROVE CYBERSECURITY EFFECTIVENESS Become brilliant at the basics Build cybersecurity on a strong foundation Undertake extreme pressure testing Identify vulnerabilities more rigorously Invest in breakthrough innovation Enhance program effectiveness and scale value 1 2 3

12. Copyright © 2018 Accenture Security. All rights reserved. 12 ABOUT THE RESEARCH COST OF CYBER CRIME 2017 2,182 interviews 7countries Australia France Germany Italy Japan United Kingdom United States 254 companies 8-year research program Jointly developed with: Examining the economic impact of cyber attacks

13. About Accenture Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 425,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com About Accenture Security Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organization’s valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit the Accenture Security blog. Learn more: http://accenture.com/security