There seems to be no shortage of news around cybercrime and fraud at financial services institutions.  The latest involves a security breach at one of the oldest cooperative banks in India. Within 24 hours of the FBI issuing a global alert around an ATM cash-out threat, the bank suffered a breach. Hackers executed 12,000 transactions and stole $13.5 million from the bank’s accounts via ATMs in Canada, Hong Kong, and India.

A recent survey by the Association for Financial Professionals (AFP), underwritten by J.P. Morgan, reveals that payments fraud surpassed the 2017 levels. “It is alarming that the rate of payments fraud has reached a record high despite repeated warnings,” said AFP President and CEO Jim Kaitz. “In addition to being extremely vigilant, treasury and finance professionals will need to anticipate scams and be prepared to deter these attacks.”

In an effort to gain a better understanding of why breaches continue to occur, ServiceNow recently commissioned the Ponemon Institute to survey nearly 3,000 cybersecurity professionals. Of those surveyed, 467 were from financial services institutions.

47% of financial services breach victims said they were breached due to a vulnerability for which a patch was available. This highlights an overwhelming need for more effective vulnerability response, closing down these attack vectors before hackers strike.

While financial services professionals recognize the importance of cybersecurity, 74% said they find it difficult to prioritize what needs to be patched first. Furthermore, respondents struggle to respond in a timely manner because they spend, on average, 12 days or more coordinating patching using manual processes.

However, hiring more security professionals does not equal better security. While the study revealed that financial institutions are gearing up to hire more resources for vulnerability response, they won’t improve their security posture if they don’t fix broken patching processes. And to compound the problem, ISACA, a global non-profit IT advocacy group, reports that the global shortage of cybersecurity professionals will grow to two million by 2019.

The financial and reputational damages from a breach can be catastrophic.  According to a recent study, the global average cost of a data breach is $3.86 million. For financial institutions in the United States, the average cost for each lost or stolen record is $206.  Scale this to a breach affecting millions of records, and the impact to the bottom line can be substantial. And the damage to customer trust and the financial institution’s brand is immeasurable.

Financial institutions can benefit from taking a pragmatic approach to curbing data breaches. By automating routine processes and taking care of basic hygiene items, their security teams can significantly reduce the risk of a breach.