Data breaches are on the rise. And, the financial services sector is an especially lucrative target; along with the personal data bulging healthcare sector.
In the financial services sector, the retail banking sector saw the largest percentage increase in the number of data breach reports, rising to 25 in 2018 from only one in 2017.
This should raise concerns about the number of cyber criminals targeting bank accounts. Tesco Bank, for example, was fined £16.4m by the FCA in October 2018 as a result of a cyber attack that led to £2.26m being taken from personal current accounts**.
On the other side, RPC has revealed that wholesale financial markets firms–such as investment banks–reported the most data breaches to the FCA in 2018: 34 compared to just three in 2017.
‘Cybercrime costs financial services sector more than any other industry, with breach rate tripling over past 5 years’
An easy target?
According to the research, cybercriminals could be targeting investment banks in a belief that their security systems are less sophisticated than retail banks.
And the stakes are, potentially, a lot higher: confidential data held by investment banks on areas such as M&A can be used for insider trading. In the US, for example, the SEC is pursuing a number of insider dealing cases that relate to cyber breaches.
Other sectors within financial services that saw large increases in data breach reports include:
• Insurers — 33 in 2018, up from seven in 2017
• Consumer retail lending — 21 in 2018, up from four in 2017
• Retail investments — 11 in 2018, up from none in 2017 (see below for full breakdown)
In the research RPC explains that ‘while the data suggests that financial services businesses are suffering an increasing number of cyber attacks, these businesses are also perhaps getting better at identifying and reporting those attacks.’ (Which is a good thing!)
GDPR: a positive impact
June 2018, the first month after the introduction of the General Data Protection Regulation (GDPR), saw the highest monthly total of data breach reports, with 20 data breaches reported by financial services firms.
Richard Breavington, partner at RPC and head of their Cyber Insurance and Breach Response team, says: “Banks remain a top target for cybercriminals. The figures suggest that the banks are suffering data breaches on a frequent basis.”
The financial impact of data breaches is just the beginning
“The increase in reports, however, does show that the financial services industry is now taking cyber security more seriously than ever. The financial and reputational fallout from a data breach can be serious for a business of any size. They must be ready to defend against — and respond to — breaches as efficiently as possible.”
RPC says that insurance against data breaches is one of the fastest growing areas of the insurance industry
* FCA data, year-end December 31 2018
** FCA