A Cyber Defense Guide for the Financial Sector
Data breaches cost more for the finance sector than they do for many other industries. According to IBM’s Cost of a Data Breach Report 2023, the average cost of a data breach for financial organizations amounted to $5.90 million. That’s second only to those in healthcare at $10.93 million.
Let’s take a closer look at what data breaches in the financial sector entail. In the 2024 Data Breach Investigations Report, Verizon recorded 3,348 incidents in the finance sector, 1,115 of which involved confirmed data disclosure. External actors made up approximately two thirds of the cyber threat actors (CTAs) responsible for those incidents. Motivated by financial gain, they compromised personal information three quarters of the time. They did so primarily using system intrusion, miscellaneous errors, and social engineering as their preferred attack patterns.
These findings highlight how several challenges complicate cybersecurity in finance organizations. For instance, as some of the most regulated businesses worldwide, financial organizations face significant responsibilities to prioritize their cybersecurity and data management in compliance with the Cyber Risk Institute (CRI) Profile v1.2, FFIEC-CAT, PCI DSS, and 23 NYCRR 500, among others. Financial institutions also must contend with a larger attack surface driven by open financial data sharing and hybrid work, outdated IT infrastructure, limited cybersecurity awareness and expertise, as well as the growing cost of digital fraud.
With these challenges in mind, finance organizations like yours face the obstacle of trying to address them all at once. Where do you start? How can you make the most of your time, money, and resources?
Fortunately, you don’t need to answer these questions alone. In this white paper, we’ll discuss how you can use no-cost and cost-effective resources from the Center for Internet Security® (CIS®) to improve your financial organization’s cyber defenses.