What happens next Where's my refund? Best CD rates this month Shop and save 🤑
BUSINESS
Citigroup

Banks admit growing cyberattack risks

Doug Carroll
USA TODAY
JPMorgan Chase chief executive Jamie Dimon warned shareholders in April that the bank could be vulnerable to cyberattacks despite increased efforts to protect itself.

JPMorgan Chase this year will spend $250 million and dedicate 1,000 people to protecting itself from cybercrime — and it still might not be completely successful, CEO Jamie Dimon warned in April.

"Cyberattacks are growing every day in strength and velocity across the globe. It is going to be continual and likely never-ending battle to stay ahead of it — and, unfortunately, not every battle will be won," Dimon said in his annual letter to shareholders.

Dimon's warning has been validated by a recent hack attack into JPMorgan's data system -- and those of other unnamed financial institutions -- under investigation by federal authorities.

Dimon was only speaking for his bank, but variations of that pessimistic assessment -- some might say realistic -- are widely repeated in financial companies' filings with the Securities and Exchange Commission.

Those disclosures rarely provide details of actual breaches and what's being spent on preventative actions, but JPMorgan's rivals are as reluctant as Dimon to proclaim that all the measures they're taking will be enough to protect confidential customer information in their systems from increasingly sophisticated hackers around the world.

Here's what some other financial-services companies say about cybercrime risks in recent SEC filings:

Bank of America: "Although to date we have not experienced any material losses relating to cyber attacks or other information security breaches, there can be no assurance that we will not suffer such losses in the future."

Bank of Nova Scotia: "The Bank is exposed to ever increasing cyber risks, which may include theft of assets, unauthorized access to sensitive information, or operational disruption such as breaches of cyber security. With this in mind, the Bank has implemented a robust and continuously evolving cyber security program to keep pace with the evolving threats. While the Bank's computer systems continue to be subject to cyber-attack attempts, the countermeasures in place remain effective. Scotiabank has not experienced material breaches of cyber security."

Citigroup: "Citi has been subject to intentional cyber incidents from external sources, including (i) denial of service attacks, which attempted to interrupt service to clients and customers; (ii) data breaches, which aimed to obtain unauthorized access to customer account data; and (iii) malicious software attacks on client systems, which attempted to allow unauthorized entrance to Citi's systems under the guise of a client and the extraction of client data. For example, in 2013 Citi and other U.S. financial institutions experienced distributed denial of service attacks which were intended to disrupt consumer online banking services. ...

"... because the methods used to cause cyber attacks change frequently or, in some cases, are not recognized until launched, Citi may be unable to implement effective preventive measures or proactively address these methods."

City National: "Risks and exposures related to cyber security attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of Internet banking, mobile banking and other technology-based products and services by us and our clients."

First Merit: "Cyber threats are increasing, and are a focus of our regulators, who are increasingly emphasizing cyber security."

OFG Bancorp: "Though we have insurance against some cyber-risks and attacks, it may not be sufficient to offset the impact of a material loss event."

PNC: "We are faced with ongoing efforts by others to breach data security at financial institutions or with respect to financial transactions. Some of these involve efforts to enter our systems directly by going through or around our security protections. Others involve the use of schemes such as 'phishing' to gain access to identifying customer information, often from customers themselves."

Royal Bank of Scotland: "During 2013, the Group experienced a number of IT failures following a series of deliberate attacks which temporarily prevented RBS, RBS Citizens and NatWest customers from accessing their accounts or making payments. The Bank of England, the (Financial Conduct Authority) and HM Treasury have identified cyber security as a systemic risk to the UK financial sector and highlighted the need for financial institutions to improve resilience to cyber-attacks."

Voya Financial: "Although we have not yet suffered such an incident of any materiality, we could be the subject of such an attack, and, although we seek to limit our vulnerability to such events through technological and other means, it is not possible to anticipate all potential forms of cyberattack or to guarantee our ability to fully defend against all such attacks."

Wells Fargo: "Wells Fargo and reportedly other financial institutions continue to be the target of various evolving and adaptive denial-of-service or other cyber attacks as part of what appears to be a coordinated effort to disrupt the operations of financial institutions and potentially test their cybersecurity capabilities. Wells Fargo has not experienced any material losses relating to these or other cyber attacks."

Featured Weekly Ad