About half of banks and payment systems prefer to handle cyber incidents when they happen, rather than invest into tools with which to prevent them. That is according to a survey by the IT security product company Kaspersky Lab, with B2B International on company representatives’ attitudes towards information security.
Near half, 48 per cent of financial organisations said they take measures to protect their clients from online fraud, aiming at mitigating the consequences rather than preventing incidents entirely. Moreover 29 per cent of companies believe it is cheaper and more effective to address cases of fraud as they occur, rather than to attempt to prevent them.
According to the responses given by the surveyed bank representatives and payment service operators, whenever a cyber-fraud incident involving a client’s account occurs, only 41 per cent of organisations take necessary measures to prevent such an incident from re-occurring. A good third, 36 per cent of companies conduct an analysis of the vulnerability exploited in the attack, and 38 per cent compensate the losses. The most popular policy among companies is to try to find out who was behind the attack: two thirds (66 per cent) of financial organisations do this.
Comment
Kirill Slavin, Managing Director UK&I at Kaspersky Lab, said: “It is vital for organisations to consider the importance of prevention, rather than waiting to mitigate the consequences. Many leading banks have already implemented this method with ‘root cause fraud prevention’, however, there are still some who rely on a ‘reactive fraud detection approach’. With cyber-criminals continuing to invent increasingly sophisticated methods of attack, banks need to have preventative measures in place, otherwise financial cybercrime and consequential losses will only grow.”
The survey involved more than 5000 company representatives, including 131 banks and payment services, from 26 countries.
