“Theft of information assets, disruption of services and wrongful disclosure are believed to be the most serious cyber security threats to an organization’s information assets. The most serious consequences from a cyber attack or intrusion are the loss of intellectual property, productivity decline and lost revenue." - Ponemon Institute, 2013(1)
It’s been a painful 2014 for the financial sector and cybercrime (think Variable Annuity Life Insurance, JPMorgan Chase). And while distributed denial-of-service attacks on large financial institutions are in the headlines, cybercrime involves protecting more than a business’s individual technology systems. As we’ve seen so far this year, breaches in third-party service providers can create detrimental issues for the firms that rely on their services.
Headaches expand to In-house Counsel
As a New York regulator asks financial institutions to turn over third party security data, financial institutions are now instructing law firms to beef up cybersecurity.
As more and more companies are hit with cyber-attacks, in-house counsel is scrambling to improve their online defenses. But those defenses don’t just include a company’s own cybersecurity measures, because for corporations such as financial companies that deal with highly sensitive information, ensuring privacy includes protecting information in closely-related hands as well.
Many of the largest U.S. financial institutions, particularly ones that have handled data breaches such as JPMorgan Chase, are now requiring their law firms to undertake stronger cybersecurity measures. These measures can include full background checks on lawyers that handle personally identifiable information, on-site audits to determine the level of access to information, and other beefed-up compliance procedures.
Since those same law firms are often susceptible to the same cyber-attacks this comes as little surprise to many. In fact, in May 2014, the American Bar Association passed Resolution 109, suggesting that attorneys begin to adopt a cybersecurity plan in order to protect client data.
A Migraine to the Brand
Make no mistake; there are also negative, public-facing damage to customer confidence, brand image, reputation and stock market value. We know the value of a brand, so once hit, are definitely more difficult to rebuild.
“Data breaches can have as much impact as poor customer service in their effects on brand reputation,” according to a study by the Ponemon Institute.
According to the study, the three occurrences that have the greatest impact on brand reputation are data breaches, poor customer service, and environmental disasters. So it’s a matter of trust. Banking institutions and other financial services firms must increase their investments in systems and technologies designed to identify, monitor and mitigate systemic risks, such as cyber-threats.
A successful cyber program will be based an institution’s size, its business model, and sensitivity of data collected. It is essential that an institution’s view of its cyber risk remains dynamic as those factors change and evolve over time.
EiQ Networks delivers advanced information security intelligence that significantly reduces information security risk and meets financial industry monitoring and auditing requirements.