P-to-P fraud most concerning cyber threat in 2023: CSI

US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023.

It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%). 

Industry respondents also expressed concerns over identity theft at 4%, unavailable or unaffordable cyber insurance at 4%, geopolitical risks at 3%, DDoS attacks at 2% and website defacement at 0.9%, according to CSI’s annual survey of the financial sector. It received responses from 228 banking executives, 171 of them at vice-president level or above. 

P-to-P biggest cyber security concern

An investigation into the internal data from the four biggest banks in the US showed that as of 2020, the banks had collectively received $90 million in fraudulent claims on P2P platforms. This was expected to go up to $255 million by 2022, a 183% increase. 

“The rising rates in P-to-P fraud across the industry have institutions wondering if such incidents are a result of data breaches. This perspective likely explains why bankers ranked breaches second on their worry list,” Steve Sanders, CISO at CSI said in the report. 

Readiness for a cybersecurity incident

80% of respondents said they clearly know what to do in case of a cybersecurity incident in their organization, and 77% of respondents said they clearly understand their organization’s cyber risk. 72% of respondents said they have a reliable source of cybersecurity news, and 68% of respondents said their cyber security education program is effective, CSI found. 

51% of respondents were confident their organization would not be found negligent if it suffered a data breach, and 47% of respondents said their CISO can present a strategic business case for cyber spending. Only 8% disagreed with this statement. Around 36% of the respondents said privacy laws and regulations have improved their organization’s process, CSI wrote. 

“Based on their responses, there appears to be a certain cybersecurity exhaustion among bankers. This is understandable, but it is still important for institutions to be vigilant,” Sanders said in the report. 

In terms of regulations, the banking institution is waiting for the final ruling of the Financial Crime Enforcement Network (FinCEN) beneficial owner database. 68% of respondents in the survey said they are very concerned about cybersecurity compliance in their space, and 91% of bankers said that fraud is the biggest risk in compliance risk. 

Cybersecurity risk on banks globally

A separate, global survey conducted by consulting firm EY found that 72% of chief risk officers (CROs) in the banking sector identified cybersecurity risk as their top concern over the next 12 months . 

“The role of the CRO is in the spotlight; and, with geopolitical risk underpinning everything else on their agenda, they will need to find new and innovative ways to address competing demands,” Jan Bellens, leader at EY Global Banking and Capital Markets Sector, said in the report. 

“It is arguably one of the hardest jobs in the banking c-suite, facing new and hidden risks – particularly from increasingly sophisticated cyber-attacks, that will put increasing pressure on an already volatile environment,” Bellens added. 

Almost 70% of North American CROs are concerned about cyber warfare between nation-states due to the ongoing geopolitical conditions. This is substantially more than their peers in Europe where 46% of CROs were concerned about cyberwar, EY noted.