Study: Breaches More Damaging to Financial Firms Than Other Sectors
Banks and credit unions are particularly vulnerable to cyberattacks, a new study finds.
That was one of the revelations from the 2019 “Financial Breach Report,” from Campbell, Calif.-based Bitglass, which supplies cloud security solutions. The report analyzed the latest security trends, the largest breaches and the top threats facing the financial industry.
This year’s study found in total, financial services organizations had 61.4% of all leaked records partially due to the Capital One mega breach, which compromised more than 100 million records alone. Despite this outlier, average breaches in financial services companies still tend to be larger and more detrimental than other sectors’ breaches. Breaches to finserv organizations exposed far more records than the average data breach in healthcare (23.6%), government (2.2%), education (1.4%), and business 11.1%.
“Given that organizations in the financial services industry are entrusted with highly valuable, personally identifiable information (PII), they represent an attractive target for cybercriminals,” Anurag Kahol, chief technology officer of Bitglass, said. “Hacking and malware are leading the charge against financial services and the costs associated with breaches are growing. Financial services organizations must get a handle on data breaches and adopt a proactive security strategy if they are to properly protect data from an evolving variety of threats.”
The top three breaches of financial services firms in 2019, according to the “Financial Breach Report,” were suffered by Capital One Financial Corporation (106 million individuals), Centerstone Insurance and Financial Services (111,589), and Nassau Educators Federal Credit Union, now Jovia Financial, (86,773). Jovia Financial ($3.4 billion, Westbury, N.Y.) was one of five credit unions targeted by a suspected loan fraud ring, which attempted to appropriate more than $1 million by using stolen identities to apply for loans. The other credit unions affected were Comtrust Federal Credit Union ($352 million, Chattanooga, Tenn.), Digital Credit Union ($9 billion, Marlborough, Mass.), Navy Federal Credit Union ($110 billion, Vienna, Va.), and Pentagon Federal Credit Union ($25 billion, McLean, Va.).
Among the other key findings:
- Hacking and malware remain the primary cause of data breaches in financial services at 74.5% (up slightly from 73.5% in 2018). Insider threats grew from 2.9% in 2018 to 5.5%, while accidental disclosures increased from 14.7% to 18.2%.
- The cost per average breached record in financial services ($210) increased over the last few years and exceeded the per-breached-record cost of all other industries except healthcare ($429).
- For mega breaches, which affected approximately 100 million or more individuals, the cost per breached record in financial services is now $388 – up from $350 in 2018. The cost per record for an average breach for the technology industry is $183, while the public sector is $78.
- Many financial services organizations are still not taking proper steps to secure data in the cloud and the bring-your-own-device environment. Consequently, they are suffering from recurring breaches. For example, Capital One and Discover each experienced their fourth significant data breach in 2019.