Financial services leaders are well aware of today's security risks, with the CEO of JP Morgan Chase & Co telling shareholders that cybersecurity "may very well be the biggest threat to U.S. financial systems." Companies are investing vast amounts of money to address these threats – for example, Bank of America's security team has an unlimited budget. However, there are critical areas that many financial services organizations overlook: Password reuse and compromised passwords.

The average employee knows better than to reuse passwords across work and personal-use sites, but the human desire for convenience and efficiency will trump this knowledge every time. Case in point:

• A 2019 Google survey found that 65% of people reuse the same password for numerous or all of their accounts.
• Another study from LogMeIn discovered that 62% of employees reuse the same password for both corporate and personal accounts.

A cybercriminal can obtain a password from a data breach on one site. Then, because of password reuse, they can use that same password to access other sites and systems, including the sensitive accounts of financial services employees. This in turn can create another data breach and result in significant financial harm to an organization. Juniper Research predicted that by 2024, global organizations will face $5 trillion in breach costs, recovery fees and damages – up from approximately $3 trillion today, not to mention harder-to-measure damage to brand reputation and account holder attrition.