Is cyber-crime as big a threat as rumoured? According to the authors of a report on the financial sector, under-reporting and over-spending are huge issues in the industry.
Each year, around four million people in the UK have their identities stolen. This happens in the form of their accounts being hacked or phished to obtain financial details, as well as mortgage, medical insurance and tax refund fraud.
There is no doubt that the modern-day dependency on digital communication for bank transactions has made customers more vulnerable, but how serious is the risk?
Research by Monica Lagazio of Trilateral Research & Consulting, Mike Cushman from LSE’s Department of Management and former LSE Masters student Nazneen Sherif shows a mass of contradictions in the financial sector when it comes to cyber-crime.
Fears of reputational damage, the competitive nature of the sector and the probability of insurance premium increases are the main factors driving severe under-reporting of incidents, the authors say.
In a paper published online in Computers & Security, the authors reveal that weak policing of cyber-crimes and over-spending on defence measures is actually aiding the perpetrators.
Compromised cards and accounts are the most common cyber-crime incidents, resulting in huge losses for financial institutions, but targeted customers are rarely left out-of-pocket.
The authors say banks should focus on compensating victims of cyber-crime effectively and efficiently to avoid losing their trust and loyalty.
Lead author and cyber expert Monica Lagazio says: “Irrespective of the cost of cyber crime, financial companies that can afford high-end security systems will spend on cyber protection to strengthen their brand image and gain a competitive advantage. This, however, can trigger a costly cyber race in the financial sector. ”
Fast recovery from cyber attacks is a better strategy, she says. “If banks respond quickly and customers are reimbursed, this action actually has the effect of increasing customer trust in their financial institution,” she adds.
However, the reluctance of banks to accurately report the number of cyber-crime incidents is not helping to address the problem.
Mr Cushman says the larger financial institutions are spending huge amounts of money to defend themselves against cyber-crime as a way of differentiating themselves in the market.
“Most of this is wasted money and does not correlate closely with the threat but it is a strategic action to protect their business interests. They over-spend on defence mechanisms to safeguard against cyber- attacks, but under-report the incidents to protect their reputation,” Mr Cushman says.
The authors say trade-offs are needed between the cost of security measures and the level of protection actually required.
Financial institutions also need to overcome their reluctance to share information about cyber-crime, so that the true nature of the problem can be addressed.
Another impact of cyber-crime is that companies tend to be more risk averse, the authors claim, and subsequently fail to take advantage of new business opportunities because of their fears.
“A multi-level approach to understanding the impact of cyber-crime on the financial sector” is published in Computers & Security.
Monica Lagazio is an Associate Partner at Trilateral Research & Consulting. Her work focuses on security, risk analysis, innovation, data strategy, and policy formulation. She led the research, which is part of a European-funded project called E-Crime.
Nazneen Sherif, Associate Technical Editor of Incisive Media, completed the bulk of the research for this paper while undertaking a summer project with Trilateral Research & Consulting as part of her Masters in Decision Sciences at LSE.
Mike Cushman is a former Research Fellow and currently a teacher within the Department of Management at LSE, focusing on problem structuring methods and voluntary sector management.
Masters students in Decision Sciences at LSE undertake a three-month summer project at the end of their course. These projects are located in companies and public and voluntary sector organisations that want assistance with issues they are facing and give students an opportunity to apply what they’ve learned in a real world situation.
The students gain invaluable experience and the client gains analysis and insight from a motivated student supported by an expert supervisor from LSE.
This paper was the output of such a project written jointly by the student and the supervisors from the project and LSE. To find out more about these projects please contact Ruth Kaufman firstname.lastname@example.org
Posted 18 June 2014