The cost of a cybersecurity incident to a financial institution in the U.S. can be as much as $1,165,000, according to new data from Kaspersky Lab's Financial Institutions Security Risks 2016.

Worldwide, financial firms face losses of nearly that much ($926,000) for each cybersecurity incident.

Kaspersky highlighted the three costliest types of incidents for FIs: threats that exploit vulnerabilities in point-of-sale systems ($2,086,000); attacks on mobile devices ($1,641,000); and targeted attacks ($1,305,000).

The data also showed that 63 percent of organizations believe compliance with rules and regulations does not guarantee security for their increasingly complex infrastructure, which can easily involve 10,000 end-user devices -- roughly half of which are mobile smartphones and tablets.

The majority of financial firms surveyed by Kaspersky said they plan to put better strategies in place to ward off future incidents; a full 83 percent said they expect an increase in their IT security budgets in the next two years.

Kaspersky Lab experts recommend five key considerations for security strategies:

1. Beware of targeted attacks: Targeted attacks on financial organizations are likely to be conducted through third parties or contractors. These companies might have weaker or nonexistent protection and can be used as an entry point for malware or a phishing attempt. Ask questions about the security of third parties or contractors you decide to do business with.

2. Do not underestimate less sophisticated threats: Fraudsters can strike en masse and benefit from scale using the simplest tools. In some cases, social engineering may contribute to more fraudulent incidents than malware.

3. Do not pick compliance over protection: Budgets are usually allocated in favor of compliance, but strengthening security and introducing new protection technologies requires a more balanced approach to the allocation of resources.

4. Do regular penetration testing: Unseen vulnerabilities are still real. Implement sophisticated detection tools and penetration testing to identify vulnerabilities and incidents. Keep your eyes open to all weaknesses and threats.

5. Pay attention to insider threats: Employees can be exploited by (or even turned into) cybercriminals. Effective security strategies should include techniques that can detect suspicious activity within organizations.