Fraudsters continue to do damage in the finance industry, evidenced by recent attacks against Fidelity National Financial and Mr. Cooper, and financial institutions must strengthen their systems to avoid hacks and respond to breaches. 

In 2023, the average cost of a data breach in the financial industry was $5.9 million, according to data and visualization platform Statista, slightly less than the $5.97 million tallied in 2022. 

“Every company, at some point, is going to be compromised,” Dale Shulmistra, data protection specialist at IT services and consulting company Invenio IT, told Bank Automation News.  

According to Shulmistra, to best position itself to overcome a cyberattack, a financial institution should: 

• Implement a detection response. Financial institutions should have a holistic approach to risk management, Shulmistra said. A system that monitors end-point protection, network protection and cloud protection is key to catching fraud early. 
• Test the system regularly. At minimum, financial institutions should test their detection response systems twice a year, but quarterly testing is preferred, Shulmistra said. 
• Prioritize end-user training. “A regular, extremely diligent user training program is a must,” he said. Fraudsters continue to target individuals through phishing attempts and training can minimize the risk. 
• Create a disaster recovery plan. A business continuity plan is crucial. If a system is compromised, it allows FI operations to be restored as quickly as possible, he said.  

Recent attacks

FIs Fidelity National Financial and Mr. Cooper know the need for disaster recovery plans as each suffered a data breach in the past few months. 

On Oct. 31, Coppell, Texas-based Mr. Cooper experienced a breach of current and former customer data, according to a Dec. 15 Security and Exchange Commission (SEC) filing. A forensic review of the breach determined that it will cost the company $25 million, Kurt Johnson, executive vice president and chief financial officer of Mr. Cooper, said in the filing. 

As part of the company’s recovery plan, it will offer clients two years of complimentary identity protection services, including credit monitoring, Johnson said.  

Similarly, Jacksonville, Fla.-based Fidelity National Financial reported a cybersecurity breach Nov. 19-26, according to the institution’s Dec. 6 SEC filing.  

Fidelity is “still assessing the impact” of the incident, according to Chief Financial Officer Anthony Park, but the institution does have cyber insurance in place at a $10 million retention, he said in the filing.  

Although the effects of the attack are still unknown, Fidelity plans to invest in cybersecurity technology, Park said in the filing.  

“Cybersecurity will continue to be a top priority in our technology spend,” he said.  

In the third quarter, the FI’s total expenses, including technology, totaled $2.2 billion, down from $2.7 billion in Q3 2022, according to its Q3 earnings supplement.  

Get ready for the Bank Automation Summit U.S. 2024 in Nashville on March 18-19! Discover the latest advancements in AI and automation in banking. Register now.