New research has revealed, to the surprise of no one, that security breaches are bad for banks. The study concluded that not only are bank customers more likely to change banks within six months of a cyber attack, but also that they are more likely to leave if the bank is unable to identify the source of a breach.
Conducted by researchers at Carnegie Mellon University, the report highlights the potential damage from public disclosure of breaches. This is bad news for banks in New York State, and particularly bad timing. The NY Department of Financial Services’ (NYDFS) new cybersecurity regulation became effective at the beginning of March, and the requirement to disclose breaches was a point of controversy throughout its proposal.
NY banks may appear less secure
The new regulation and its reporting requirements could create the impression that New York banks are less secure than others, according to James Whalen, associate council of Pioneer Bank, who was speaking at a public hearing last year:
“The public nature of such reports coupled with the expanded mandate to report may result in community banks that properly report and follow the regulation to suffer reputational and monetary loss from customers who become aware of such reports.”
The outcome of uncertainties
Customers’ interactions with banks are based on trust: They trust a bank will keep their information secure and not misuse that information. Following a breach, however, this trust takes on a certain nuance, which the study calls an “outcome of uncertainties.”
People were less likely to switch banks if the fraud could be traced to a specific party or if the bank could explain what happened. The study claimed that even if the bank wasn’t directly responsible, if it was unable to identify the reason for the breach, users were more likely to hold the bank responsible.
For those looking to comply with the NYDFS regulation, IT Governance will be running a free webinar series covering the key issues. Our experts will provide insights on individual requirements and how to apply a best-practice method to help organizations improve their cybersecurity defenses and diminish risks while staying on budget and meeting deadlines.
There will be four webinars running through March and April. To find out more, or to register for the series, click here >>