Headline making cyberattacks have previously hit the technology and retail industries, but the financial industry was relatively spared… until recently. On August 28, JPMorgan Chase announced that the Federal Bureau of Investigation (FBI) is conducting an investigation related to a potential cyberbreach at the bank. The damage done by the breach is unclear, but the question remains: How safe are major financial institutions?
According to The Wall Street Journal, representatives from Bank of America Corp., Wells Fargo & Co., U.S. Bancorp, PNC Financial Services Group Inc., Bank of New York Mellon Corp., State Street Corp. and SunTrust Banks Inc. all said that they have not detected signs that their private information was infiltrated. Currently, the FBI’s investigation seems to be localized to JPMorgan Chase.
However, that does not mean that those financial institutions are necessarily safe. According to numbers from PricewaterhouseCoopers, 34 percent of financial institutions reported a cybersecurity incident related to customer records, up 10 percent from 2012. In addition, 34 percent of financial institutions relayed an incident related to employee records in 2013, double 2012’s 17 percent figure.
Those attacks have risen even as spending on cybersecurity has also risen. Earlier in 2014, JPMorgan CEO Jamie Dimon wrote to shareholders, “by the end of 2014, we will have spent more than $250 million annually with approximately 1,000 people focused on the effort.”
But so far in 2014, the trend has continued. In one notable case, eight men were charged with attempting to steal $15 million from customer accounts at 14 financial institutions, including JPMorgan Chase.
For financial institutions, cybersecurity can not only effect the bottom line, but also customer trust in the bank. That’s why, Alston & Bird partner Kim Peretti recently told InsideCounsel, cybersecurity should be top of mind for all, no matter the industry.
“The biggest concern for companies, their boards and senior executives, is that being the victim of a cybersecurity event will make headlines for months or years,” says Peretti. “There’s broad exposure for companies, board members may lose jobs. It’s now no longer a matter of if a company will be breached, but when, and in some cases, it’s not the breach itself but rather a company’s response that can land on the front page of the news.”