Cyber Fraud Index: What Are the Biggest Cyber Fraud Risks Facing Your Organization?

Download the Webster Bank Cyber Fraud Index here

We asked C-Suite leaders...What are the biggest cyber fraud risks facing your organization?

In their answers, common themes emerged: third-party risks, phishing, social engineering and ransomware. Artificial intelligence was also mentioned as a growing risk.

“Recently, largest risks appear to be with effective identity management, as well as third-party risk for subcontractors.”

“The phishing emails to the finance people pretending to be their bosses asking to transfer money.”

“Customer data loss, reputation loss, ransomware attacks, service disruption.”

Top Cyber Fraud Concerns

The executives we surveyed are most concerned with phishing, ransomware and the theft of their customers’ data. Theft of organization data and malware were also top concerns.

• 88%: Phishing
• 85%: Ransomware
• 77%: The theft of our customers’ data
• 77%: Theft of org’s data
• 74%: Malware

The Impact

91%: Your company’s reputation 

• 59%: Very concerned
• 32%: Concerned

89%: Your customers’ trust

• 56%: Very concerned
• 33%: Concerned

81%: Your company’s operations

• 39%: Very concerned
• 42%: Concerned

80%:Your financial losses

• 44%: Very concerned
• 36%: Concerned

69%: Your Employees

• 21%: Very concerned
• 48%: Concerned

54%: Your relationship with your vendors/suppliers

• 21%: Very concerned
• 33%: Concerned

Top Concerns About Cyber Fraud’s Impact

We asked executives what they were most concerned with in terms of the impact of cyber fraud. Many were worried about their company’s reputation and customer trust.

Cybersecurity Statements

When asked to choose from various statements related to cybersecurity and cyber fraud, many C-Suite leaders said they had cybersecurity plans, but still worried about risks.

Statements

• 91%: Our organization has a clear plan for mitigating cybersecurity issues.
• 85%: I worry about our suppliers and vendors exposing us to cybersecurity issues.
• 72%: Cybersecurity and cyber fraud issues keep me up at night.

Note that while few executives feel that cybersecurity issues are out of their control, more than half don’t think their cybersecurity budget is adequate.

• 55%: Our cybersecurity budget is adequate.
• 12%: Cybersecurity issues are outside of my control.

Cyber Fraud Incidence

63% of executives we surveyed reported experiencing cyber fraud one or more times in the past two years.

• 3%: 10+ Times
• 3%: 6-9 Times
• 6%: 4-5 Times
• 21%: Once
• 29%: 2-3 Times
• 37%: Never

Losses

51% of respondents reported losses between $10,000 and $500,000 from their most significant cyber fraud incident, while 11% reported losses exceeding $1 Million.

Protection Measures Taken Organizationally

Two-factor authentication and firewalls are the most common cybersecurity approaches taken. Only half of respondents have established an advisory council to address cyber fraud issues.

What are the most valuable steps your organization has taken to prevent or minimize cyber fraud?

Many answered with training and education for their employees, as well as using third-party vendors — despite many being concerned by third-party risks. Multifactor authentication (MFA) and zero-trust architecture were also frequently mentioned.

“Launch of company-wide training on cybersecurity, which is mandatory for all employees.”

“Using zero-trust architecture...has forced a process of verification and authentication based on behaviors and triggers.”

“Third-party software to prevent cyber risks.”

Protection Measures Taken for Employees

Almost all executives restrict employee access to data and information, and require passwords and regular password changes. 3 out of 4 have hired employees who focus on cybersecurity.

Protection Measures

• 76%: Hired ee(s) to focus on cybersecurity
• 78%: Require ee's to log into VPN when remote
• 89%: Require regular security training
• 89%: Require ees to change password regularly
• 93%: Require ee's to use passwords to access data
• 94%: Limited employee access to data & info

Organizational Protection Measures

• 96%: Instituted two-factor authentication
• 94%: Installed firewall for computer systems
• 87%: Created critical incident/disaster recovery plan
• 82%: Purchased cybersecurity insurance
• 65%: Signed up for online security monitoring
• 61%: Invested in fraud protection software
• 52%: Formed cybersecurity advisory council

Protection Measures Taken Organizationally

Two-factor authentication and firewalls are the most common cybersecurity approaches taken. Only half of respondents have established an advisory council to address cyber fraud issues.

Get a C‑suite view of cyber fraud; download the Webster Bank Cyber Fraud Index here.