The financial sector is at the heart of the global cyber-attack, but the attackers have targeted the big internet companies too, according to a new report.
The Global Industry Classification Network (GICN), a global monitoring system, showed that banks have seen their business revenue fall by over $3 billion since the beginning of 2016, compared with a loss of just $1.2 billion for the year ending March 31, 2017.
“As we move into the first days of the new year, we’re seeing a lot of interest from financial institutions in the cyber threat landscape,” said Rui De Souza, executive director of the GICN.
“In the case of the internet sector, banks are now being targeted for the first time.”
The GICn data, released on Monday, is based on a survey of over 3,500 respondents by a company called Ciena, which provides cyber security consulting.
The survey also shows that the cyber threats in the financial sector are increasingly focused on US-based banks, which account for about 90 per cent of global cyber attacks.
“The banks are really starting to be targeted for what we call the large banks,” De Souya said.
“We are seeing the largest losses, about $3.5 billion, and the largest increases in the number of cyber attacks.”
The survey also showed that the financial services sector is the most targeted.
The total cyber-threat losses have more than doubled to $7.4 billion from $3 million in 2016.
The largest banks account for nearly 60 per cent, followed by major US and international corporations with around 16 per cent each.
The survey shows that major banks, including Goldman Sachs, JPMorgan Chase, Bank of America, Wells Fargo and Morgan Stanley, have seen an average of $5.5 million in cyber-related losses per day since the start of the year.
The rest of the big five have reported losses of about $400 million or more.
Financial institutions also lost more than $1 billion to ransomware attacks in 2017.
The GICM data showed that hackers targeted more than 1,000 banks worldwide.
“We have seen a significant rise in ransomware attacks on financial institutions over the last year, and this has created a lot more concern about the safety of financial institutions,” said Joachim Janssens, GICnet’s chief security officer.
Ransomware is a computer virus that encrypts files or drives.
The criminals then demand a ransom to release the files, or other valuable information, in return for payment.
The number of financial firms hit by ransomware is growing, and it is expected to be higher in 2018.
In 2017, the financial industry lost $1 trillion and the GICS report said the financial infrastructure of the world is vulnerable to cyber-attacks.
“While we are not seeing a dramatic rise in cyber attacks, we are seeing a significant increase in ransomware-related activity,” said Daniela Zampirini, a senior cyber policy analyst at the European Council on Foreign Relations.
Ranier Siegel, a cyber security expert at Deloitte Consulting, said that banks are increasingly vulnerable because of the way they deal with cyber-security threats.
“If you look at the bank’s cybersecurity, you’ll see that the way that they deal in terms of cyber security is very similar to the way the IT industry deals with IT risks,” Siegel said.
“In the IT space, you have a very large risk to your infrastructure.”
But in the banking sector, Siegel added, banks “have a very different mindset.”
“The financial industry is very much focused on the threat to the banking system, and they are focused on protecting the bank,” he said.
But while cyber-insurance companies are getting more aggressive, it doesn’t mean banks are getting safer.
“There’s still a lot that banks do not know about cyber-infrastructure security,” said David Smith, a cybersecurity consultant.
“The banks need to be more proactive in terms a cyber-risk analysis and in terms providing training and resources.”
“This is a new reality, and we are beginning to see a lot about cyber attacks in the US, but not as much in Europe.”