IS THE FINANCIAL SERVICES INDUSTRY TAKING ITS CYBER SECURITY OBLIGATIONS SERIOUSLY ENOUGH?

Anurag Kahol, CTO at Bitglass

 

While cybersecurity is now critically important in every business sector, this is particularly true in the financial services industry. Although financial institutions may vary wildly in terms of the services they offer, one thing they all have in common is the high volume of personally identifiable information (PII) that they collect from customers. This data includes home addresses, financial histories, bank details, and more. Unfortunately, the high value of this data makes it an extremely attractive target for cybercriminals, which is why financial services organisations must take significant steps to ensure it remains protected at all times. In reality, however, does the industry take its security responsibilities seriously enough? Or is it playing fast and loose with our sensitive information despite looming fines and sanctions?

A recent study by Bitglass set out to uncover the state of cybersecurity within the financial services industry. Scrutinising breaches from the past year revealed just how safe our data truly is. The study compiled data from the Identity Theft Resource Center (ITRC) and the Ponemon Institute. Each year, these organisations conduct studies that provide detailed information about data theft in US financial services organisations. Analysing their records in tandem allowed Bitglass to uncover a wide range of insights about the financial breaches that have occurred over the past twelve months. This article will look at some of the most significant findings from this study and assess the implications for customers everywhere.

 

Financial breaches are rare, but those that do occur can be devastating

In total, only 6.5 percent of all data breaches that occurred over the past 12 months were suffered by financial services organisations – but that doesn’t tell the whole story. That 6.5 percent of breaches accounted for a massive 61.7 percent of all leaked records. This shows that while financial services organisations don’t suffer breaches particularly often, when breaches do occur, they tend to be much larger and more detrimental than those experienced by companies in other industries.

 

Hacking and malware remain the biggest (but not the only) threat by far

As malware continues to evolve, it’s becoming increasingly difficult to detect and block. Consequently, the financial services industry must learn to defend against this ever-growing threat by deploying the right security tools.

Over the past 12 months, hacking and malware have remained the biggest causes of data breaches in the financial services sector by far. They are responsible for 75 percent of all incidents (up slightly from 73.5 percent in 2018). Additionally, insider threats grew from 2.9 percent in 2018 to 5.5 percent today, and accidental disclosures increased from 14.7 percent to 18.2 percent.

Unfortunately, for organisations that struggle to implement proper security measures, rising cloud adoption will likely only exacerbate these threats. When proper security is not in place, cloud and mobile give threat actors new attack vectors.

 

Worryingly, some organisations are not learning their lessons

Maintaining proper visibility and control over data can be challenging – particularly when the appropriate cloud and mobile security solutions are not put in place. Global cloud adoption has reached 86 percent and bring your own device (BYOD) policies have found their way into 85 percent of organisations. Regardless, financial services organisations need to be more cognizant of how their data is being used. Unfortunately, some organisations are still not learning their lessons. Consequently, they are suffering from a worryingly high number of recurring breaches. Even highly-reputable banks can be found at the centre of unenviable, record-breaking breach statistics, like those that have suffered five separate breaches in the last ten years, or Capital One, which suffered four in the last seven years.

 

The cost of each breach is taking an increasingly large financial toll on those involved

The bad news for financial services organisations is that the cost per compromised record has been steadily increasing over the last few years, for both regular breaches and mega breaches (i.e. those affecting 100 million individuals or more). The 2019 cost per breached record for mega breaches is now much greater than that of average breaches, with figures standing at $388 and $210, respectively. Additionally, Ponemon notes that the cost per compromised record within financial services now exceeds that of all other industries with the exception of healthcare (which was $429). Technology came in third place at $183, while the public sector came in last at $78.

Whether it’s careless users, malicious insiders, evolving malware, advanced phishing schemes, or something else yet to be discovered, modern financial services organisations face an intimidatingly large number of threats. As guardians of some of the most sensitive customer data in the business world, it’s critical that they adopt a proactive approach to data protection and are properly equipped with the latest security technologies. Only then can they defend against the threat agents in the cyber world.
