Global survey uncovers business attitudes toward cybercrime

A wide-ranging, global survey of businesses of all sizes reinforces the notion that they will shift relationships away from financial institutions that suffer data breaches or somehow lose the trust of their clients.

However, it also indicates that businesses other than financial institutions are more likely to be lax in security preparedness.

The survey, by Kaspersky Laboratory, notes that financial institutions are more likely than ecommerce and online retail organizations to adopt technologies that would further secure online financial transactions. A total of 3,900 respondents from 27 countries and from companies of all sizes took part in this survey. Kaspersky Lab, based in Woburn, Mass., is a privately held vendor of endpoint protection solutions, and operates in about 200 countries.

[Note: According to the Identity Theft Resource Center, of the 533 U.S. breaches recorded so far in 2014, 23, or 4%, occurred at financial institutions. The rest occurred at businesses, educational institutions, government agencies, and medical/healthcare facilities. According to ABA, In 2013, banks stopped $13 billion in fraud attempts. ]

The main findings from Kaspersky Lab’s survey include:

• Businesses place high importance on guarding financial/transaction information—34% of businesses claim that the protection of sensitive information, including financial information, is a top priority of their IT department. Forty-five percent of businesses feel they need to take improved measures to protect financial transactions. Ecommerce and online retail organizations were the least likely to keep their existing antifraud measures up to date. They also reported only a slightly above-average interest in taking improved measures to protect financial transactions.

• Businesses take a pragmatic view toward losses incurred by cybercrime—Roughly one out of every four businesses—27%--is willing to suffer losses incurred by cybercrime because they believe the cost of protection will outweigh the cost of dealing with the losses. Moreover, 52% of financial service businesses have a policy of reimbursing customers’ losses caused by cybercrime without investigation. Survey indications put the true cost of financial data lost at between $66,000 and $938,000, depending on the size of the company.

• Financial companies are not immune to cyber threats—48% of ecommerce/online retail businesses and 41% of financial services organizations have reported losing some type of finance-related information to cybercriminal activities within the past 12 months.

• The security reputation of financial institutions plays a critical part in businesses’ propensity to do business with them—82% would consider leaving an institution that suffered a breach Moreover, businesses are more open to the idea of investing in premium software solutions to protect financial transactions; 53% prefer to pay more for the best security solution for transaction protection.

• Businesses do have a relatively broad view about who is ultimately responsible for the risks of financial transactions—Only 35% of survey respondents think banks are primarily responsible, whereas financial institutions in this survey believe 85% of the burden is being placed on them. Smaller businesses rely more heavily on financial institutions to take responsibility for the safeguarding of their transactions and data. However, even among larger businesses, only one in five feels it is the responsibility of their security department.

• Online services providers have room to adopt more sophisticated security measures for their clients—4% of businesses operating some kind of online service admitted they took no specific measures to protect their customers/clients from online financial fraud.