
Traditionally, banking has maintained a reputation for having one of the most mature and collaborative approaches to cybersecurity. However, in the current climate of the cost-of-living crisis, which has heightened public financial awareness and, consequently, opportunities for fraud, hackers are swiftly embracing emerging technologies to devise new methods for breaching defences.

Cybersecurity is now the biggest reputational challenge for banking

Banks have found themselves more exposed to hackers in recent years because of their digital transformation and move to cloud computing. Cybersecurity has risen to the top of the list of near-term risks for banks around the world, according to the latest EY and Institute of International Finance (IIF) bank risk management survey. And according to IBM reports, the finance and insurance sector proved a top target for cybersecurity threats, while the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. 

However, our media analysis of 1,680 English-language articles published in 2023 revealed that cybersecurity issues can cost banks something more valuable than dollars and cents – their reputation. The perception of poor security measures can lead clients to doubt the organisation’s ability to safeguard their sensitive information, potentially causing customer churn. From a stakeholder’s perspective, negative media coverage amplifies the impact, eroding the organisation’s credibility. Extending beyond the immediate aftermath, breaches can massively influence customer decisions, partnership opportunities, and market sentiment.

Phishing attacks gain increasing media attention

Our analysis indicated that phishing attacks and social engineering scams are garnering the most media traction, largely driven by numerous articles featuring testimonies from consumers who have fallen victim to these schemes.

NatWest emerged as the most influential organisation in our analysis, as many media reports focused on how fraudsters are impersonating the bank by sending out a phishing email that claims the phone number on your account has been changed.

Meanwhile, Santander ranked first for the most reported risk of customers becoming victims of fraud in a widely publicised study by VPN Overview.

And banks like Barclays, HSBC, and Lloyds are facing a growing threat to their brand reputations due to the proliferation of fake phishing websites that exploit their branding. Despite efforts to combat these threats, data reveals a clear rise in illegitimate web domain registrations related to these banks since October 2022, coinciding with the cost-of-living crisis.

It’s not just traditional legacy banks that are finding themselves under media scrutiny when it comes to cybersecurity; digital-first neobanks are also part of the growing conversation.

For instance, many outlets reported how scammers have exploited Revolut’s system, using spoofed phone numbers to trick customers into giving away one-time passcodes for Apple Pay, and then draining their accounts. Meanwhile, a shocking incident where a small business owner lost her life savings of $160,000 due to a scam mimicking Chase Bank’s caller ID has raised serious questions about the bank’s cybersecurity measures.

To make things worse, leading security experts, such as Rob Jones, director-general of the National Economic Crime Centre, security engineering professor Ross Anderson, and Dr Klaus Schenk, senior vice president of security at Verimatrix, are frequently cited by the media as saying that banks are undermining their own reputations for cybersecurity by denying the existence of vulnerabilities. Some of these commentators were among the most influential spokespeople in the debate.

Banking’s crisis PR is ill-equipped for today’s challenges

Our analysis reveals a concerning trend among both legacy banks and digital-first neobanks – many of them often resort to issuing generic and defensive statements in the face of cyberattacks. In analysing how the media framed financial services’ responses to cyber incidents, we found that PR professionals working in banking often appear to perceive crisis communications as merely issuing a blanket press release.

In many cases of phishing scams, companies frequently blame the victims for not taking adequate precautions to protect their privacy, instead of taking responsibility or providing constructive solutions. Such a response is especially damaging to the reputation of neobanks, which market themselves as more customer-centric alternatives to traditional banks. This victim-blaming not only alienates current customers but also undermines trust among potential consumers, causing long-term harm to the brand’s reputation.

Firms need a better grasp of the crisis lifecycle

After experiencing a cyber incident, issuing a blanket press release or shifting the blame onto victims’ poor security practices can exacerbate the crisis for financial brands, particularly during the cost-of-living crisis when financial matters are an especially sensitive topic for consumers. Financial services firms need to have a robust crisis communications plan that places media analytics solutions at its core, as these tools provide real-time insights into stakeholder sentiment, media traction, and the effectiveness of messaging, enabling companies to swiftly adapt their strategies and maintain control of the narrative during critical situations like cyberattacks.

Here’s how this can happen in every step of the crisis lifecycle:

  • Pre-Crisis Phase: Our analysis found that what may initially appear as a minor story about an individual losing money due to a phishing scam can quickly escalate into a full-blown crisis for the financial institution, especially as the story gains traction and is picked up by an increasing number of media outlets. That’s why PR and communications professionals working in the banking sector should constantly monitor the media landscape for blips on the radar, utilising the pre-crisis phase as an opportunity to implement preventive measures and avert an actual crisis.
  • Acute Crisis Phase: This is when the negative headlines start to pile up and the company is at risk of losing control of the narrative. Banks need to utilise thematic and message analysis to understand how the media are framing the crisis, identify which messages are gaining traction, and gauge public perception, thereby informing a more effective messaging strategy. When victims of cyberattacks are cited in the media, companies should use analytics to understand their concerns and sentiments, and address these proactively in their communications strategy.
  • Chronic Phase: This is when the crisis has been disturbing the company’s operations for a while. Stakeholder analysis at this stage can help in reassessing who needs reassurance and through what channels. Companies should map the publications, reporters, social networks, and blogs propagating the discussion. They should also categorise key influencers – cybersecurity experts, academics, analysts, public officials, etc. – into actionable segments to analyse the structural properties of the discussion and track the reputation flows.
  • Continuous Monitoring: Even when it appears that the crisis has subsided, media monitoring can help keep an eye on sentiments and discussions that may indicate lingering or resurfacing issues.

Discover how Commetric’s AI-driven and human-curated media analytics can equip your organisation with a best-in-class crisis comms plan.

