
Financial institutions are too complacent about current authentication methods

New York, NY – July 13, 2022 – HYPR, The Passwordless Company™, and Vanson Bourne today released a new report that reveals the financial industry is failing to combat the biggest cybersecurity threat: compromised credentials. Findings show that 80% of financial services organizations experienced at least one cyber breach in the past 12 months due to weak authentication, but only a third of organizations changed their authentication methods in the aftermath of the breach, leaving a significant number of them highly exposed to future attacks and breaches. The State of Authentication in the Financial Industry report also shows that there is a proven solution to combat these attacks, with 89% saying that passwordless authentication is necessary to achieve the highest levels of security.

The report, which shares insights from 500 IT security decision makers in the financial industry, represents a cross-section of small and medium-sized businesses and enterprises spanning the US, UK, France and Germany. The findings reveal the burden that current authentication practices place on financial organizations around the world, particularly high-risk security breaches, strain on budgets, and overall operational disruptions. More importantly, the results identify gaps between “perceived” and “real” authentication security.

Over the past 12 months, an alarming 85% of organizations surveyed have experienced a cyber breach; more surprisingly, nearly three-quarters (72%) experienced multiple breaches during the same period, bringing the annual average to 3.4 breaches per year. Remarkably, 90% of these victims still believe their current authentication approach is secure, despite data proving otherwise. Among these attacks:

● 36% said phishing was the most common type of attack, followed closely by malware and credential stuffing, tied at 31%, and push notification attacks at 29%.

● The annual average direct cost of authentication-related cyber breaches was $2.19 million, excluding intangible and hidden costs.

● Almost a third lost customers to competitors and suffered loss of employee (29%) and customer (26%) data as a result of the breach.

“The financial sector is at the forefront of cybersecurity. As one of the industries most targeted by attacks, financial services companies have an impressive track record of adopting innovative new defense technologies to deliver the protection customers need,” said David Reilly, strategic advisor in security and financial services and former chief information officer and chief technical officer for Bank of America. “While perimeter, network, and behavioral analytics improvements have progressed, authentication security has not kept pace. Improve authentication security by removing the risk of static passwords and credentials that can be learned and exploited by attackers. Eliminating the risk of static passwords is the strategic way forward.”

Financial organizations have a false sense of security over multi-factor authentication

The financial sector is the industry most targeted by cyberattacks, and the most forward-thinking and progressive in terms of technology adoption. Despite this, a significant proportion of respondents (32%) admit that their employees use legacy authentication methods such as SMS and OTPs, and almost a quarter (22%) only use usernames and passwords. The report’s findings highlight a disconnect, as 84% believe that traditional MFA authentication provides comprehensive security and, at the same time, 99% agree that their current authentication methods are inadequate.

“The financial services industry, like many others, faces a paradox. The data shows that traditional authentication methods are perceived to be effective, but the data also clearly shows that these methods do not offer sufficient protection, leaving organizations exposed to unacceptable risks. At the same time, the scale of attacks and malicious strike techniques is rapidly increasing, widening this vulnerability gap,” said Bojan Simic, co-founder, CEO and CTO of HYPR. “Continued guidance and mandates from government agencies such as CISA is a crucial step in raising the red flag and calling for immediate action for tougher controls. Passwordless multi-factor authentication is the gold standard and should be the foundation of all security strategies – the data speaks for itself.”

The benefits of passwordless authentication are known, with improved user experience and security leading the way

89% of financial organizations understand that passwordless authentication is necessary both to achieve the highest level of authentication security and to ensure user satisfaction. Nine in ten also agree that cost benefits are a dominant factor for passwordless adoption. Factors such as password fatigue, productivity impacts, and help desk costs are key drivers of adoption. Additionally, respondents cited meeting cyber insurance requirements (31%), improving supply chain security (31%), and supporting Zero Trust initiatives (27%) as benefits of passwordless authentication.

For more information about HYPR, visit