More Related Content Similar to Ninth Annual Cost of Cybercrime Study in Financial Services – 2019 Report (20) Ninth Annual Cost of Cybercrime Study in Financial Services – 2019 Report2. • The average cost of cybercrime for an organization increased US$1.4M to US$13.0M.
• Phishing and social engineering (+16%), ransomware (+15%), and stolen devices (+15%)—
largely people-based attacks—show the biggest increases.
• Information theft is the most expensive consequence of cybercrime and companies spend most
on discovery activities.
Organizations spend more
than ever to deal with the
costs and consequences of
more sophisticated attacks.
• The threat landscape continues to expand with an increase in nation-state espionage, supply
chain and critical infrastructure threats.
• In the drive for growth and innovation, 79% of business leaders say new business models
introduce technology vulnerabilities faster than they can be secured.
The expanding threat
landscape and new business
innovation is leading to an
increase in cyber attacks.
• Place greater emphasis on protecting people to combat the rise in attacks against them.
• Prioritize technologies to limit information loss and disruption, the largest consequences of
cybercrime and a growing concern with new privacy regulation like the General Data Protection
Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
• Use automation (including artificial intelligence (AI) and machine learning) and advanced
analytics to manage rising cost of discovering attacks, the largest component of spend.
Prioritize technologies that
reduce the consequences of
cybercrime to unlock future
economic value.
• Improving cybersecurity protection can reduce the cost of cybercrime and provide additional
revenue opportunities. A total of US$5.2 trillion over the next five years.
• This translates into additional revenue of 2.8 percent—or an average of US$580M annually—in
each of the next five years for an average G2000 company.
• This provides a useful benchmark to measure investments in cybersecurity protection.
What is the economic value
of improving cybersecurity
protection worth to an
organization?
GLOBAL COST OF CYBERCRIME STUDY FINDINGS
IN BRIEF
Copyright © 2019 Accenture. All rights reserved. 2
3. GLOBAL COST OF CYBERCRIME STUDY
Copyright © 2019 Accenture. All rights reserved. 3
11
US
UK
Japan
Germany
France
Brazil
Canada
Australia
Spain
Italy
Singapore
EXAMINING THE ECONOMIC IMPACT OF CYBER ATTACKS
355Companies
2,647
Jointly developed by:
Countries
Travel
Comm & Media
Life sciences
Retail
Health
Consumer
Goods
Public Sector
US Federal
Energy
High Tech
Insurance
Automotive
Software
Utilities
Banking / Capital
Markets
Annual
research
study
9th
16Industries
Interviews
4. What types of cyber attacks are included in this research?
We define cyber attacks as malicious activity conducted
against the organization through the IT infrastructure via the
internal or external networks or the Internet. Cyber attacks also
include attacks against industrial control systems (ICS).
DEFINING CYBER ATTACKS
Copyright © 2019 Accenture. All rights reserved. 4
5. IN FINANCIAL SERVICES, WEB-BASED ATTACKS
SHOWED THE LARGEST INCREASE
Copyright © 2019 Accenture Security. All rights reserved. 5
Types of cyber attacks
experienced by Financial
Services companies
(% increase 2017–2018)
Web-based attacks are still
an issue (+8%). People-
based attacks, ransomware
(+5%) are on the rise.
34%
45%
40%
52%
60%
64%
82%
76%
97%
35%
40%
54%
56%
56%
61%
74%
77%
94%
Malicious insider (-1%)
Ransomware (+5%)
Stolen devices (-14%)
Denial of service (-4%)
Malicious code (+4%)
Botnets (+3%)
Web-based attacks (+8%)
Phishing and social engineering (-1%)
Malware (+3%)
2017 2018
6. Percentage spending
levels by six IT security
layers for Financial
Services Companies
Spending on the human
layer is on the rise. But is
the increase sufficient to
cope with the fastest
growing cyber attacks like
ransomware?
6
THE APPLICATION AND PHYSICAL LAYERS HAVE
EXPERIENCED THE LARGEST INCREASE
Copyright © 2019 Accenture Security. All rights reserved.
20%
18%
11%
6%
7%
31%
24%
16%
14%
10%
5%
Network layer Application layer Data layer Human layer Physical layer Host layer
FY 2017 FY 2018
38%
7. MALICIOUS INSIDER ATTACKS ARE NOW THE
MOST EXPENSIVE TO RESOLVE
Copyright © 2019 Accenture Security. All rights reserved. 7
Types of cyber attacks
experienced by Financial
Services companies
US$ (% increase 2017–2018)
Another people-based
attack, malicious insiders,
leads the way as the
costliest type of cyber attack
to resolve, followed by
malicious code (+81%). The
cost of denial of services
attacks are down 41%
points.
$1,981
$82,893
$34,074
$243,101
$84,954
$156,690
$157,891
$133,949
$8,838
$1,015
$89,686
$43,034
$169,059
$114,700
$196,610
$87,460
$227,865
$5,462
Botnets (+95%)
Ransomware (-8%)
Stolen devices (-21%)
Malicious insider (+44%)
Web-based attacks (-26%)
Phishing and social engineering (-20%)
Malicious code (+81%)
Denial of service (-41%)
Malware (+62%)
2017 2018
8. Length of time taken to
resolve cyber attacks for
Financial Services
Companies
Days (% increase 2017–2018)
Other people-based attacks,
like Phishing & Social
Engineering (+22%) and
Ransomware (+30%) have
seen increases in the length
of time to resolve.
…AND ARE STILL TAKING LONGEST TO RESOLVE
8Copyright © 2019 Accenture Security. All rights reserved.
4.5
14.8
25.9
24.0
33.8
11.7
24.3
55.1
49.8
2.8
14.7
23.9
14.7
26.0
6.2
20.0
58.8
65.8
Botnets (+62%)
Stolen devices (+1%)
Web-based attacks (+9%)
Denial of service (+63%)
Ransomware (+30%)
Malware (+89%)
Phishing and social engineering (+22%)
Malicious insider(-6%)
Malicious code (-24%)
2017 2018
9. Organizations were asked to report their spend (costs)
to discover, investigate, contain and recover from
cyber attacks over four consecutive weeks. Also
covered are the expenditures that result in after-the-fact
activities and efforts to reduce business disruption
and the loss of customers.
These costs do not include outlays and investments
made to sustain an organization’s security posture or
compliance with standards, policies and regulations.
Once compiled and validated, these costs were then
grossed-up to determine the annualized cost.
CALCULATING THE
COST OF CYBERCRIME
Copyright © 2019 Accenture. All rights reserved. 9
10. $7.6 $7.7
$9.5
$11.7
$13.0
$-
$2.0
$4.0
$6.0
$8.0
$10.0
$12.0
$14.0
2014 2015 2016 2017 2018
Totalaveragecostofcybercrime
(US$M)
Copyright © 2019 Accenture Security. All rights reserved. 10
THE AVERAGE COST OF CYBERCRIME FOR AN
ORGANIZATION INCREASED BY 12 PERCENT
OVER THE YEAR TO US$13.0 MILLION
+2%
+23%
+23%
The GLOBAL average cost
of cybercrime for
companies in study
US$
The increase over the last
five years is 72%, or US$
5.5 million, on average for
companies in our study.
The average cost of cyber
crime in Financial Services
in 2018: US$ 18.5 million
+12%
11. Copyright © 2019 Accenture Security. All rights reserved. 11
THE COST OF CYBERCRIME IS INCREASING
IN ALL COUNTRIES
Change in cybercrime cost
by country
US$ millions
(% increase 2017–2018)
The average increase in
cybercrime costs for the
countries in our sample is
+26%. The United Kingdom
(31%), Japan (30%) and
United States (29%) have
the largest increases
followed by Australia
(+26%).
The increase for Germany
(18%) is less than half the
increase in 2017 (42%).
$6.79
$7.24
$8.01
$8.16
$9.25
$9.32
$9.72
$11.46
$13.12
$13.57
$27.37
$5.41
$6.73
$7.90
$8.74
$11.15
$10.45
$21.22
- $5M $10M $15M $20M $25M $30M
Australia (+26%)
Brazil*
Italy (+19%)
Spain*
Canada*
Singapore*
France (+23%)
United Kingdom (+31%)
Germany (+18%)
Japan (+30%)
United States (+29%)
2017 2018Cost (US$ Millions)
12. Copyright © 2019 Accenture Security. All rights reserved. 12
THE COST OF CYBERCRIME CONTINUES TO RISE
IN MOST INDUSTRIES
Average annualized cost
by industry sector
US$ (million)
Average cost of cybercrime
= US$13.0 million
$7.91
$8.15
$10.65
$10.91
$11.43
$11.82
$11.91
$13.74
$13.77
$18.50
$14.69
$15.78
$16.04
$17.84
$8.28
$7.05
$7.10
$6.47
$9.30
$12.47
$7.34
$10.41
$13.21
$18.28
$15.48
$10.70
$14.46
$16.85
- $2M $4M $6M $8M $10M $12M $14M $16M $18M $20M
Public Sector
Travel
Communications & Media
Life Sciences
Retail
Health
Consumer Goods
US Federal
Energy
Financial Services
High Tech
Automotive
Software
Utilities
2017 2018Cost (US$ Millions)
13. What is the economic value
of improving cybersecurity
protection worth to an
organization?
THE VALUE OF
CYBERSECURITY
14. 0
2
4
6
8
10
12
14
16
18
The cost of cybercrime The value of cybersecurity
$USmillion
New revenue opportunity
Savings in the cost of
cybercrime
The cost of cybercrime
Copyright © 2019 Accenture Security. All rights reserved. 14
HOW MUCH IS IMPROVED CYBERSECURITY
PROTECTION WORTH TO A BUSINESS?
There is a positive
correlation between size
and cost. The bigger the
organization the bigger the
cost burden on them.
But can improved
cybersecurity protection
create more economic
value for businesses?
Economic value includes
savings in the cost of
cybercrime plus new
revenue opportunity.
The economic
value of
improved
cybersecurity
protection
Econometric
modelling
Historical
analysis
THE COST OF CYBERCRIME THE VALUE OF CYBERSECURITY
2014–2018 2019–2023
15. 23%
77%
Value at risk: 2019–2023
(Value at Risk* due to direct and indirect attacks,
Cumulative 2019–2023, US$t)
* Expected loss of savings in
cybersecurity spend and revenue
opportunity over the next 5 years.
Calculations over a sample of 4,700 global
public companies.
$5.2t
Direct Attacks
Indirect
Attacks
Copyright © 2019 Accenture Security. All rights reserved. 15
Value at risk by industry (US$Bn)
Source: Accenture Research
Value at risk by country (US$Bn)
47
70
110
147
209
219
223
257
283
305
340
347
347
385
505
642
753
Capital Markets
Travel
Transportation
Chemicals
Energy
Utilities
Nat. Res.
Comms & Media
Ind. Equip.
Insurance
Retail
Health
Banking
CG&S
Automative
Life Sciences
High Tech
97
100
133
133
137
172
216
347
532
1700 t
Australia
Spain
Canada
Brazil
Italy
France
United Kingdom
Germany
Japan
United States
THE ECONOMIC VALUE AT RISK DUE TO CYBER
ATTACKS OVER THE NEXT FIVE
YEARS IS US$5.2 TRILLION GLOBALLY
16. Copyright © 2019 Accenture Security. All rights reserved. 16
THE ECONOMIC VALUE AT RISK PROVIDES
A USEFUL BENCHMARK FOR SECURITY
INVESTMENTS
Average annualized cost
by industry sector
US$ (million)
The average G2000 company
revenue in 2018 was US$20
billion.
Life sciences and high tech
companies have the highest
revenue at risk.
Capital markets and industrial
equipment companies have
the lowest revenue at risk.
Industry
Revenue at Risk
(CAGR 2019 –
2023)
Global=2.8%
2018 Average
G2000 Revenue
(US$ M)
Average annual
revenue opportunity at
risk 2019–2023 (US$
M)
2019 –2023 Cumulative
revenue opportunity at
risk (US$ M)
Automotive 3.1% $20,000 $770 $3,851
Banking 2.4% $20,000 $570 $2,848
CG&S 3.4% $20,000 $738 $3,689
Capital Markets 1.5% $20,000 $365 $1,826
Chemicals 2.7% $20,000 $572 $2,859
Comms & Media 2.0% $20,000 $456 $2,282
High Tech 4.5% $20,000 $1,056 $5,278
Energy 2.1% $20,000 $352 $1,762
Health 3.7% $20,000 $1,156 $5,779
Industrial Equipment 1.5% $20,000 $368 $1,841
Insurance 3.9% $20,000 $949 $4,743
Life Sciences 5.6% $20,000 $1,475 $7,375
Natural Resources 2.6% $20,000 $541 $2,703
Retail 1.5% $20,000 $339 $1,695
Transportation 1.6% $20,000 $343 $1,715
Travel 1.5% $20,000 $378 $1,891
Utilities 2.9% $20,000 $579 $2,895
18. Percentage cost by
consequence for Financial
Services Companies
Despite important decreases,
information loss is a worrying
trend with new regulation like
the GDPR and CCPA to
consider.
18
BUSINESS DISRUPTION IS NOW THE MOST
EXPENSIVE CONSEQUENCE OF A CYBERCRIME
Copyright © 2019 Accenture Security. All rights reserved.
35%
13%
0% 0%
38%
37%
21%
5%
0%
Business disruption Information loss Revenue loss Equipment damages Other
FY 2017 FY 2018
52%
19. Percentage cost by
internal activities for
Financial Services
Companies
Discovery and recovery
spend highlight a significant
cost-reduction opportunity
for organizations that are
able to systematically
deploy security technologies
to help facilitate the
discovery-to-recovery cycle.
19
COMPANIES SPEND THE MOST ON DISCOVERY
AND NOW THE LEAST ON RECOVERY ACTIVITIES
Copyright © 2019 Accenture Security. All rights reserved.
13%
16%
30%
29%
25%
28%
18%
Discovery Investigation Containment Recovery
FY 2017 FY 2018
41%
20. 20%
24%
34%
40%
41%
42%
62%
53%
79%
29%
31%
26%
44%
52%
55%
62%
67%
71%
Automated policy management (-9%)
Extensive use of cyber analytics and UBA(-7%)
Automation, AI and machine learning (+8%)
Enterprise deployment of GRC (-4%)
Extensive use of data loss prevention (-11%)
Extensive use of cryptographic technologies (-13%)
Advance perimeter controls (+0%)
Advanced identity and access governance(-14%)
Security intelligence and threat sharing(+8%)
2017 2018
SECURITY INTELLIGENCE AND THREAT SHARING
IS FULLY DEPLOYED BY MORE COMPANIES THAN
ANY OTHER SECURITY TECHNOLOGY
Copyright © 2019 Accenture Security. All rights reserved. 20
The proportion of
Financial Services
companies who deploy
nine key security
technologies
The deployment of
automation, AI and machine
learning and cyber analytics
and user behavior analytics
(UBA) are far too low.
21. Annual cost savings when
deploying key
technologies for Financial
Services Companies
US$
Copyright © 2019 Accenture Security. All rights reserved. 21
YET AUTOMATION, AI AND MACHINE LEARNING
DELIVERS THE LARGEST COST SAVINGS WHEN
FULLY DEPLOYED
Rank
$3,130,000
$2,700,000
$2,410,000
$1,600,000
$1,340,000
$1,260,000
$620,000
Automation, AI and machine learning
Advanced identity and access governance
Security intelligence and threat sharing
Extensive use of cyber analytics and UBA
Extensive use of cryptographic technologies
Advanced perimeter controls
Extensive use of data loss prevention
Enterprise deployment of GRC
Automated policy management
$4,130,000
$3,820,000
22. 7.9%
10%
11,3%
12.7%
14.1%
14.4%
17.9%
0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0%
Automated policy management
Enterprise deployment of GRC
Advanced perimeter controls
Extensive use of data loss prevention
Extensive use of cyber analytics and UBA
Extensive use of cryptographic technologies
Automation, AI and machine learning
Advanced identity and access governance
Security intelligence and threat sharing
Estimated annual return on investment (ROI)
Security intelligence and threat sharing
Estimated ROI for key
security technologies for
Financial Services
Companies
The estimated average ROI
for all nine categories of
“enabling” security
technologies is 14.1
percent.
Copyright © 2019 Accenture Security. All rights reserved. 22
ADVANCED IDENTITY AND ACCESS MANAGEMENT
HAS THE BIGGEST RETURN ON INVESTMENT
Advanced identity and access management
22.5%
23.8%
23. Rank by spending levels and cost
savings for key security
technologies for Financial
Services Companies
Rank by % spending
1 = Lowest % spend
9 = Highest % spend
Rank by cost savings
1 = Lowest % saving
9 = Highest % saving
Security intelligence, automation
and advanced analytics provide the
largest positive value between
investment and savings.
Copyright © 2019 Accenture Security. All rights reserved. 23
INVESTMENT IS BEING MISDIRECTED TO
SECURITY CAPABILITIES THAT DELIVER LESS
6
1
8
7
2
5
3
9
4
1
2
3
4
5
6
7
8
9
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
Extensive use of cyber analytics and UBA
Automated policy management
Security intelligence and threat sharing
Automation, AI and machine learning
Enterprise deployment of GRC
Extensive use of cryptographic technologies
Extensive use of data loss prevention
Advanced identity and access management
Advanced perimeter controls
Rank by percentage spending Rank by cost savings
*Value
Gap
Positive value gaps: Areas where financial services companies should invest more to deliver cost savings
Negative value gaps: Areas where financial services companies are overspending relative to cost savings
24. PRIORITIZE BREAKTHROUGH INNOVATIONS LIKE
AI, AUTOMATION AND ANALYTICS
Copyright © 2019 Accenture Security. All rights reserved. 24
Place greater emphasis on protecting people due to
the rise in phishing, ransomware and malicious
insider attacks.
Invest to prevent information loss and business
disruption which are growing concerns with new
privacy regulation like GDPR and CCPA.
Use automation and advanced analytics to
manage the rising cost to discover attacks which is
the largest component of spend.
1
2
3
55 days
The time to resolve malicious
insiders attacks
38% of cost
Business disruption the most
expensive consequence
of cybercrime
57% of spend
Discovery and Containment are
the largest elements of internal
spend
ORGANIZATIONS SHOULD:
25. About Accenture
Accenture is a leading global professional
services company, providing a broad range of
services and solutions in strategy, consulting,
digital, technology and operations. Combining
unmatched experience and specialized skills
across more than 40 industries and all business
functions—underpinned by the world’s largest
delivery network —Accenture works at the
intersection of business and technology to help
clients improve their performance and create
sustainable value for their stakeholders. With
more than 482,000 people serving clients in
more than 120 countries, Accenture drives
innovation to improve the way the world works
and lives. Visit us at www.accenture.com
Disclaimer
This presentation is intended for general
informational purposes only and does not take
into account the reader’s specific circumstances,
and may not reflect the most current
developments. Accenture disclaims, to the
fullest extent permitted by applicable law, any
and all liability for the accuracy and
completeness of the information in this
presentation and for any acts or omissions made
based on such information. Accenture does not
provide legal, regulatory, audit, or tax
advice. Readers are responsible for obtaining
such advice from their own legal counsel or
other licensed professionals.
UNLOCKING THE VALUE OF IMPROVED
CYBERSECURITY PROTECTION
NINTH ANNUAL COST OF CYBERCRIME STUDY IN
FINANCIAL SERVICES – 2019 REPORT
Editor's Notes S size = 4.9” x 4.64”
Position = Horz: 8.14“ | Vert: = 1”