NEW YORK, NY – October 10, 2024 — HYPR, the Identity Assurance Company, today released its spotlight report, "When Trust is Hacked: Customer Identity Security in Finance." This report sheds light on the persistent threat of credential misuse and authentication vulnerabilities plaguing the financial industry, drawing a direct correlation between the escalating cyber-threat landscape and the growing apprehension among today's banking customers. The report's findings underscore the devastating impact of identity-related cyberattacks on customer loyalty, revealing a staggering 80% of respondents would likely abandon their financial institution following a data breach.
HYPR's latest report draws on comprehensive insights from two surveys, encompassing both financial service organizations and their customers, with a total of 548 respondents. This robust data set provides a unique and multifaceted perspective on the current state of identity security in the financial sector – revealing that current technologies are simply failing. Alarmingly, within the past year alone, 86% of finance organizations have been targeted by identity-related cyberattacks, with 84% falling victim to identity fraud. Additionally:
"The financial sector remains a prime target for cybercriminals, and identity processes remain a major weak point. Institutions must proactively adapt their defenses to outpace evolving threats, or risk eroding customer trust and facing significant financial losses. Inaction is not an option,” said Gehan Dabare, newly appointed HYPR Advisor and leader for IAM at companies such as JPMC, Citi, CVS Health. "Gone are the days of blind trust. Today's consumers are informed and empowered, demanding transparency, cutting-edge technology, and the peace of mind that comes with knowing their finances are secure."
The High Stakes Impact on Customers
Today's banking customers are demanding more accountability from their financial institutions, rejecting the unquestioning loyalty of previous generations. The consequences are clear with an overwhelming 80% of customers prepared to switch banks following a data breach. This intolerance for security lapses is even more pronounced among younger customers, with 93% of those under 35 ready to close their accounts. In contrast, more than a quarter of customers aged 45 and older would remain loyal after a breach. These findings emphasize a clear shift in customer priorities across all age groups: security, company values, and technological innovation are now paramount when evaluating banking relationships. Of those surveyed:
A mere 11% of respondents were aware of breaches affecting their banks, while 63% firmly believed their banks were unscathed, and the remaining quarter were uncertain. This highlights a critical gap in communication from financial institutions during breaches, raising concerns about the effectiveness of their disclosures. In terms of authentication protocols and technology, most respondents (95.5%) are aware of passkeys as an available login technology. Armed with this information, 77% of customers would actively favor a bank offering passkeys over one that doesn't.
Yet, despite the growing demand for heightened authentication measures, financial institutions are trailing in their offerings of safer methods. Nearly a quarter (22%) of respondents still repurpose passwords across financial accounts, while close to 90% rely on one-time passwords (SMS, email or voice) and 7% rely solely on a password. This demonstrates the need for modernization in the financial sector's authentication practices, especially as customers become increasingly aware of and demand stronger security measures.
"It's a stark paradox: the financial sector invests heavily in cybersecurity yet remains a prime target. The question isn't how these attacks happen, but why they persist," states Bojan Simic, CEO and Co-founder of HYPR. "Our research exposes the dual nature of this challenge: the struggle to implement effective technology amidst rapidly evolving AI-driven threats, and the rising tide of customer expectations demanding both robust security and transparent communication. This is a defining moment for financial institutions to adapt or be left behind."
About HYPR
HYPR, the leader in passwordless identity assurance, delivers the industry's most comprehensive end-to-end identity security for your workforce and customers. By unifying phishing-resistant passwordless authentication, adaptive risk mitigation, and automated identity verification, HYPR ensures secure and seamless user experiences for everyone.
Trusted by organizations worldwide, including two of the four largest US banks, leading manufacturers, and critical infrastructure companies, HYPR secures some of the most complex and demanding environments globally.
Media
Fabienne Dawson
fabienne@hypr.com
917.374.6860