Weak authentication responsible for 80% of financial breaches
Despite the ongoing shift to multi-factor authentication (MFA), the financial industry still faces a significant problem when it comes to breaches related to compromised identification, according to a recent research report.
Released July 13, the Financial Services Authentication Study found that U.S. and European financial institutions suffered an average of 3.4 material breaches over the past year, costing those banks, credit unions and investment firms an average of $2.19 million a year in losses and remedies (not even accounting for so-called “intangible and hidden costs”).
However, more troubling is that the report found that 8 out of 10 of these breaches were related to “authentication weakness”. Hypr commissioned Vanson Bourne for the research included in “The State of Authentication in the Financial Industry 2022”.
The research alleges that at the heart of this problem, financial firms have become too “complacent” on authentication practices in the face of an exponential increase (in some cases) in cyberattacks and an increasing level of sophistication among cybercriminals.
“The findings reveal the burden that current authentication practices leave on financial organizations around the world, particularly high-risk security breaches, strain on budgets, and overall operational disruptions,” according to a press release announcing the report.
“Most importantly,” the release continued, “the results identify gaps between ‘perceived’ and ‘actual’ authentication security.”
An “alarming” (if not shocking – given recent headlines) 85% of financial organizations surveyed experienced a cyber breach in the last 12 months, according to the results. However, perhaps more surprisingly, more than 7 in 10 (72%) experienced multiple breaches in the same time frame. And yet, 9 in 10 of these hacked companies still insist that their existing authentication approach is secure, “despite the data proving otherwise.”
Despite this apparent disconnect, financial services IT security veterans still argue that the industry can and will regain its edge in terms of improved authentication, and thereby reduce the success and impact of subsequent cyberattacks.
“The financial industry is at the forefront of cybersecurity,” said David Reilly, strategic advisor in security and financial services and former CIO and CTO of Bank of America, in the statement prepared by Hypr. “As one of the industries most targeted by attacks, financial services companies have an impressive track record of adopting innovative new defense technologies to deliver the protection customers need.”
Additional key findings from the report include: 36% of respondents said phishing was the “most prevalent type of attack”, followed by malware and credential stuffing, which each accounted for 31% of breaches; and push notification attacks, which accounted for 29%. The study also revealed that almost a third of these organizations “lost customers to competitors”, while 29% lost at least one employee and about a quarter (26%) lost customer data after their breach.
More promisingly, nearly 9 in 10 survey respondents (89%) said they “believe passwordless MFA provides the highest level of authentication security.”
“While perimeter, network, and behavioral analytics improvements have advanced, authentication security has not kept pace,” Reilly added in his statement. “We now have the ability to bring a step change in function and improve authentication security by removing the risk of static passwords and credentials that can be learned and exploited by attackers. Eliminating the risk of static passwords is the strategic way forward.”
The report was based on interviews with 500 financial industry IT security decision makers based in the US, UK, France and Germany.