While not the most frequent victims of cybercrime, firms in financial services are facing higher costs relating to such incidents when compared to businesses in any other sector, a study by Accenture and the Ponemon Institute has found.

The financial services industry was found to incur cyberattack-related costs of nearly $18.3 million per firm in 2017, after an increase of 10 percent year-over-year and 40 percent since 2014, according to the report, titled "2017 Cost of Cyber Crime Study".

Fifteen sectors in seven countries were measured, with utilities and energy ($17.2 million) coming in second in this regard, followed by aerospace and defense ($14.5 million).

Across all industries, the financial consequences of cybercrimes averaged $11.7 million per firm. This represents a nearly 23-percent hike on the year and a 62-percent surge since 2013.

Figure 1: Average annualized cost of cybercrime by sector (source: Accenture, Ponemon Institute)

Meanwhile, the rate of successful breaches per firm in the financial services sector alone jumped from 40 in 2012 to 125 last year. Still, it is lower than the latest figure across the board – 130.

A further breakdown of the overall figures shows that, in all, the actual cost hinges on a number of variables. The factors that enter heavily into the equation include attack types and their frequency, along with the organization’s size and even the country in which an organization is based.

For instance, US companies lead the pack when it comes to the total average cost of cybercrime incidents while Australia is on the opposite side of the range.

In addition, malware and web-based attacks were pegged as particularly costly among the nine attack methods under review: the annualized costs faced by companies due specifically to these types of attacks reached $2.4 million and $2 million, respectively.

Financial services firms turned out to be an outlier here, however, as attacks using malware were among the least costly types of incursions for these companies ($5,000 on average per attack). By contrast, denial-of-service attacks carried the most painful financial sting ($227,000), followed by phishing and social engineering ($196,000).

Of the four consequences of a cybercrime, information theft was rated as the most expensive, followed by business disruption and revenue loss.

The study looked at the immediate costs emanating from cyber-incidents based on the first four weeks after such a breach, rather than dealing with long-term costs of remediation. It is based on nearly 2,200 interviews with IT, compliance and information security practitioners from a sample of over 250 larger-sized companies in Australia, France, Germany, Italy, Japan, the United Kingdom, and the United States.