Financial institutions (FIs), such as banks and insurance providers, are reporting significantly increased threat levels from COVID-related cyber crime according to new research by BAE Systems Applied Intelligence, the cyber and intelligence arm of BAE Systems.
A huge jump in new pandemic-related threats, alongside a rise in challenges caused by enforced work from home guidance, is leaving open and insecure gaps in FIs’ networks. The findings released today within The COVID Crime Index 2021 analyses the changing nature and impact of fraud, risk and cyber threats on UK and US FIs and consumers over the last 12 months.
According to the index, which surveyed 902 organizations in the financial services sector, three-quarters (74 per cent) have experienced a rise in cyber crime since the pandemic began, with 42 per cent of banks and insurers revealing the remote working model has made them less secure. Just under half (44 per cent) were also concerned that this has led to less visibility of potential holes in their network or infrastructure and a further 37 per cent of FIs believe their customers are now at greater risk of cyber crime or fraud.
“We’re noticing a clear collaboration emerging between different groups of criminals across the wider landscape of serious and organized crime,” said Adrian Nish, head of Cyber at BAE Systems Applied Intelligence. “Fraudsters and cyber criminals seek to exploit fear, uncertainty and change, and the pandemic has offered them new opportunities to probe for weaknesses they can monetize and new ways to disguise their activity.
“Attackers are building increasingly advanced capabilities to target core banking systems and becoming more aggressive, harming victims’ ability to respond to attacks. Online criminals have reacted fast, adapting their approach to hunt out remote working security gaps and prey on the vulnerable.”
The monetary impact of online criminal activity since the start of the pandemic has also been significant. The index found 56 per cent of US and UK banks and insurers saw an upsurge in financial losses over the last 12 months – the average cost reaching $720,000 USD and rising.
Despite this growing problem, IT security teams are feeling further pressure from decreased budgets and team redundancies. On average, budgets within IT security, cyber crime, fraud and risk departments have been slashed by a quarter (26 per cent) and 40 per cent have had to cut back on critical IT security technology spend. Alongside this, more than a third (36 per cent) have had to reduce the number of people in IT security teams over the past 12 months.
A secondary study as part of the index surveyed consumers to explore the personal impact of these increased attacks and found a fifth of consumers have been targeted at least once in the past year. More than a quarter (28 per cent) said they had been sent an email hoax relating to COVID-19, with 22 per cent also being targeted by text or SMS. Even when refunded, the average amount of money stolen by cyber criminals was $1,174 USD. For those who didn’t see their money again, the average money lost was a significant $743 USD.
A spike in online shopping due to the pandemic has also driven increasing cyber crime. More than a quarter (26 per cent) said they had bought something from a fraudulent site in the past 12 months and never received their goods. This has led to concerns over sharing data, with 84 per cent of consumers worried about their digital identity and personal information online.
More than half (53 per cent) of those surveyed believe it is the job of the banks to protect them, compared with 40 per cent that believed it was their own responsibility. The same amount (53 per cent) said banks or credit card providers could provide more guidance to consumers on how to behave online to be better protected from cyber crime.