Beazley: Hacking, Malware Threat Increasing for Financial Institutions
Financial institutions are increasingly being targeted by hackers, according to the latest Beazley Breach Insights – July 2016 findings based on its response to client data breaches in the first six months of 2016.
A provider of data breach response insurance, the company’s specialized Beazley Breach Response (BBR) Services unit noted a sharp increase in hacking and malware attacks on financial institutions in the first six months of 2016, particularly those aimed at small banks and credit unions. There was a consistent level of hacks in the healthcare, higher education and retail sectors compared to 2015.
During the first half of 2016, Beazley’s BBR Services division managed 955 data breaches on behalf of clients, compared to 611 breaches during the same period last year. Financial institutions incurred 139 of these breaches, with breaches deriving from hacking and malware attacks being particularly common at institutions with revenues below $35 million.
Key finidngs:
- The proportion of data breaches deriving from hacking and malware attacks in the first six months of this year across all industries in Beazley’s portfolio stood at 31%, in line with the percentage of such incidents observed in 2015 (32 percent).
- Financial institutions reported a sharp increase in hacking and malware as a proportion of total breaches. In 2015, hacking and malware attacks accounted for 27 percent of the breaches Beazley handled for financial institutions; in the first half of this year, that rose to 43 percent.
- Banks and credit unions with less than $35 million in annual revenues accounted for 81 percent of hacking and malware breaches at financial institutions in 2016, a major increase over the 54 percent of incidents in this industry they represented in 2015.Higher education institutions continued to see a high proportion of breaches due to hacking or malware, with these accounting for 46 percent of industry breaches in the first half of 2015, up from 35 percent in 2015.
- Within healthcare organizations, breaches caused by unintended disclosure represented 42 percent of all industry incidents in 2016 to date, a sharp rise from 30 percent in 2015. This is connected to the large amount of information shared between organizations in this industry. Nearly 17 percent of healthcare breaches were caused by hacking or malware in 2016, down from 27 percent in 2015.
- The rate of hacking and malware in the retail industry remained high, accounting for 49 percent of all retail data breaches handled by BBR Services in 2016, compared to 55 percent in 2015.
- Ransomware attacks continue to increase, with twice as many attacks in the first six months of 2016 (86) than Beazley handled in all of 2015 (43).
“The persistent high levels of hacking and malware attacks are a reminder that all organizations in all industries need to have plans ready to respond when a breach occurs,” said Katherine Keefe, global head of BBR Services. “The large increase we’ve observed in hacks aimed at financial institutions is noteworthy. Smaller banks and credit unions that typically have fewer defenses against these breaches are becoming bigger targets and need to be prepared.”
Keefe recommended that financial institutions bolster their technology defenses as well as the training afforded to employees on cyber security and threat awareness.
“There is a lot they can do to protect themselves,” she said, “but the sobering reality is that not every breach can be prevented and businesses – including financial institutions – should have robust plans for managing breaches should they occur.”
Source: Beazley