Download the Webster Bank Cyber Fraud Index here
We asked C-Suite leaders…What are the biggest cyber fraud risks facing your organization?
In their answers, common themes emerged: third-party risks, phishing, social engineering and ransomware. Artificial intelligence was also mentioned as a growing risk.
“Recently, largest risks appear to be with effective identity management, as well as third-party risk for subcontractors.”
“The phishing emails to the finance people pretending to be their bosses asking to transfer money.”
“Customer data loss, reputation loss, ransomware attacks, service disruption.”
Top Cyber Fraud Concerns
The executives we surveyed are most concerned with phishing, ransomware and the theft of their customers’ data. Theft of organization data and malware were also top concerns.
88%: Phishing85%: Ransomware77%: The theft of our customers’ data77%: Theft of org’s data74%: Malware
The Impact
91%: Your company’s reputation
59%: Very concerned32%: Concerned
89%: Your customers’ trust
56%: Very concerned33%: Concerned
81%: Your company’s operations
39%: Very concerned42%: Concerned
80%:Your financial losses
44%: Very concerned36%: Concerned
69%: Your Employees
21%: Very concerned48%: Concerned
54%: Your relationship with your vendors/suppliers
21%: Very concerned33%: Concerned
Top Concerns About Cyber Fraud’s Impact
We asked executives what they were most concerned with in terms of the impact of cyber fraud. Many were worried about their company’s reputation and customer trust.
Cybersecurity Statements
When asked to choose from various statements related to cybersecurity and cyber fraud, many C-Suite leaders said they had cybersecurity plans, but still worried about risks.
Statements
91%: Our organization has a clear plan for mitigating cybersecurity issues.85%: I worry about our suppliers and vendors exposing us to cybersecurity issues.72%: Cybersecurity and cyber fraud issues keep me up at night.
Note that while few executives feel that cybersecurity issues are out of their control, more than half don’t think their cybersecurity budget is adequate.
55%: Our cybersecurity budget is adequate.12%: Cybersecurity issues are outside of my control.
Cyber Fraud Incidence
63% of executives we surveyed reported experiencing cyber fraud one or more times in the past two years.
3%: 10+ Times3%: 6-9 Times6%: 4-5 Times21%: Once29%: 2-3 Times37%: Never
Losses
51% of respondents reported losses between $10,000 and $500,000 from their most significant cyber fraud incident, while 11% reported losses exceeding $1 Million.
Protection Measures Taken Organizationally
Two-factor authentication and firewalls are the most common cybersecurity approaches taken. Only half of respondents have established an advisory council to address cyber fraud issues.
What are the most valuable steps your organization has taken to prevent or minimize cyber fraud?
Many answered with training and education for their employees, as well as using third-party vendors — despite many being concerned by third-party risks. Multifactor authentication (MFA) and zero-trust architecture were also frequently mentioned.
“Launch of company-wide training on cybersecurity, which is mandatory for all employees.”
“Using zero-trust architecture…has forced a process of verification and authentication based on behaviors and triggers.”
“Third-party software to prevent cyber risks.”
Protection Measures Taken for Employees
Almost all executives restrict employee access to data and information, and require passwords and regular password changes. 3 out of 4 have hired employees who focus on cybersecurity.
Protection Measures
76%: Hired ee(s) to focus on cybersecurity78%: Require ee’s to log into VPN when remote89%: Require regular security training89%: Require ees to change password regularly93%: Require ee’s to use passwords to access data94%: Limited employee access to data & info
Organizational Protection Measures
96%: Instituted two-factor authentication94%: Installed firewall for computer systems87%: Created critical incident/disaster recovery plan82%: Purchased cybersecurity insurance65%: Signed up for online security monitoring61%: Invested in fraud protection software52%: Formed cybersecurity advisory council
Protection Measures Taken Organizationally
Two-factor authentication and firewalls are the most common cybersecurity approaches taken. Only half of respondents have established an advisory council to address cyber fraud issues.
Get a C‑suite view of cyber fraud; download the Webster Bank Cyber Fraud Index here.
