Hacking and malware cause 75% of all data breaches in financial services sector

Bitglass has released its 2019 Financial Breach Report: The Financial Matrix. Each Year, Bitglass analyses the latest trends, the biggest breaches and the foremost threats facing financial services organisations. This year’s study finds that only 6% of all breaches in 2019 were suffered by financial services firms. However, these breaches compromised significantly more records than those that occurred in other industries.

In total, more than 60% of all leaked records in 2019 were exposed by financial services organisations. This is at least partially due to the Capital One mega breach, which compromised more than 100 million records. Despite this outlier, average breaches in financial services companies still tend to be larger and more detrimental than other sectors’ breaches. Fortunately, they do occur less often.

“Given that organisations in the financial services industry are entrusted with highly valuable personally identifiable information, they represent an attractive target for cyber criminals,” said Anurag Kahol, CTO of Bitglass. “Hacking and malware are leading the charge against financial services and the costs associated with breaches are growing. Financial services organisations must adopt a proactive security strategy if they are to properly protect data from an evolving variety of threats.” 

Key findings

*Hacking and malware remain the primary cause of data breaches in financial services at 74.5% (up slightly from 73.5% in 2018). Insider threats grew from 2.9% in 2018 to 5.5%, while accidental disclosures increased from 14.7% to 18.2%

*The cost per average breached record in financial services (£160) has increased over the last few years and exceeds the per-breached-record cost of all other industries except healthcare (£328)

*For mega breaches, which affect approximately 100 million or more individuals, the cost per breached record in financial services is now £296 (up from £267 in 2018).

*Many financial services organisations are still not taking proper steps to secure data in the modern cloud and Bring Your Own Device (BYOD) environment. Consequently, they’re suffering from recurring breaches. For example, Capital One and Discover each experienced their fourth significant data breach in 2019

*The top three breaches of financial services firms in 2019 were suffered by the Capital One Financial Corporation (106 million individuals), Centerstone Insurance and Financial Services (111,589) and the Nassau Educators Federal Credit Union (86,773)

To learn more about the present state of play in relation to cyber security within the financial services industry, download the full report https://pages.bitglass.com/CD-FY19Q4TheFinancialMatrixBitglass2019FinancialBreachReport_LP.html

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts