Cybersecurity Statistics & Risks for Banks

Community banks are facing a lot of pressure as they look to grow in their home markets. They face competition from larger lenders, the need to find low-cost deposits, and the challenge of improving their operational performance.

Internally, the number one and fastest-growing concern for community banks is their cybersecurity risk. In the 2021 survey conducted by the Community Banking Research and Policy Conference entitled Community Banking in the 21st Century, more than 80 percent of community bankers said cybersecurity risks were “very important,” more than double the rate of any other type of operational risk.

In the 2020 survey, 60 percent of community bankers said cybersecurity was very important.

Why the increase?

Probably because cyberattacks are getting more numerous, more sophisticated, and more troublesome to overcome.

We’re going to go over some cybersecurity statistics, recent cases, and risks for banks as well as how to mitigate them.

Cybersecurity Statistics and Recent Cases

Trend Micro reported that the financial services industry (FSI) saw a whopping 1,300 percent increase in ransomware attacks in the first half of 2021 compared to the same period in 2020.

Computer security giant Norton says that the banking industry as a whole incurred the most cybercrime costs in 2018 at $18.3 million, while cyberattacks against banks rose 238 percent from February to April 2020 due to the COVID-19 pandemic. 

Boston Consulting Group states that financial firms are 300 times more likely to experience cyber-attacks compared to other institutions. 

A whopping 92 percent of ATMs are vulnerable to hacks. 85 percent have poor security against network attacks such as spoofing of the processing center.

In the past year, several community banks have been hit by cyberattacks.

Flagstar Bank

Michigan-based Flagstar Bank, a mortgage lender, said in December 2021 that a data breach exposed the Social Security numbers of more than 1.5 million customers. The breach affected their customers six months later, in June 2022, even though the bank believed no one’s information was misused. The bank offered free credit monitoring software to those whose information was hacked.

The cyberattack came at a bad time for Flagstar because it was in the midst of being acquired by a larger bank.

Lake Shore Savings Bank

Customers of Lake Shore Savings Bank, based in Dunkirk, New York, woke up one morning in late November 2021 to discover a message from their financial institution that a cyberattack had led to a leak of customer information, including names, addresses, and account numbers.

Like Flagstar, this community bank believes that none of the information was misused, and it offered free credit monitoring services to the customers affected by the breach.

Bank of Oak Ridge

In the Piedmont area of North Carolina, the Bank of Oak Ridge suffered a cyberattack in late April 2021. The bank didn’t notify customers until July 7, 2021. They didn’t reveal what information was exposed or stolen.  

Three Small Banks in May 2021

In May 2021, two ransomware groups exposed the private information of customers of three community banks. Hackers stole information and held it for ransom. One bank was in Florida and one was in California.

The Swatting of IRA Financial Trust

In Sioux Falls, South Dakota, a SWAT team responded to a reported robbery of IRA Financial Trust on the afternoon of Feb. 8, 2022. However, it was a ruse. The real theft was occurring in cyberspace as hackers stole $36 million in cryptocurrency, causing actual financial losses for IRA Financial Trust’s customers. 

Solutions for Community Banks to Strengthen Cybersecurity

Community banks are especially vulnerable to cyberattacks because they have fewer resources at their disposal to provide the same robust protocols employed by large financial institutions.

Making the problem worse is the web of regulatory agencies that community banks must deal with when it comes to cybersecurity. Community banks must report to the Federal Reserve, FDIC or NCUA, and the Office of the Comptroller of the Currency. They must also report cybersecurity breaches to the FBI immediately.

Smaller FSIs often lack the staff and the resources to upgrade. Older software, unpatched and outdated apps, and a lack of technical staff hamper the cybersecurity efforts of community banks. 

With smaller assets and smaller budgets, community banks lack the financial resources to attract the skilled talent needed to upgrade their systems. Unfilled data breach protection jobs reached 3.5 million in 2021. 

What You Can Do to Improve Your Bank’s Cybersecurity Defenses

Even if you have limited financial resources, you can help your community bank improve its cybersecurity defenses. 

1) Develop a company-wide policy on cybersecurity. Remind employees of this policy monthly, covering points such as not opening unfamiliar emails, having strong passwords, using two-factor authentication, proper use of removable media, using company Wi-Fi for business only, and what types of phishing/social engineering scams to watch out for. Regularly review this plan and host regular training sessions with employees, new and current, to address any problems, issues, or updates.

2) Assess and strengthen the login credentials for employees. Use strong passwords for all business logins, which employees can save in the web browser. Change passwords at least once per quarter, and don’t use the same password twice. Use a password management platform that keeps all of your passwords secure. Absolutely, definitely, use a multi-factor authentication system such as getting alerts with passcodes as text messages, emails, or in an app. You can even use biometrics like fingerprints for MFA.

3) Update your software and hardware regularly. Laptops should never be more than two years old. You can always upgrade equipment with extra memory rather than buying entirely new hardware. Follow the recommended software updates for patches and fixes. If your software doesn’t receive updates anymore, it’s time to replace it with something newer.

4) Assess your risks. Having a formal risk assessment and an IT exam will note vulnerabilities in your IT control environment and how you can address them. The Whitlock Co. can perform an IT exam for your community bank to determine where your system is the most vulnerable.
Contact us today to schedule a consultation.

