Financial Services Report Five-Fold Rise In Data Breaches

Financial services companies reported a five-fold rise in data breaches last year over the year before, as banks remain a lucrative target for hackers.

The sector reported 145 breaches to the Financial Conduct Authority (FCA) last year, up from 25 in 2017.

Investment banks reported the highest number of incidents, at 34, up from only three the previous year.

But retail banks saw the highest increase in percentage terms, from 1 to 25, according to data acquired by law firm RPC via a freedom of information request.

Sensitive data

RPC said hackers could be targeting investment banks in the belief that their security systems are less sophisticated than those of retail banks.

But they may also be seeking data on sensitive topics such as mergers and acquisitions that could be used for insider trading.

US regulator the SEC, for instance, is investigating a number of insider dealing cases linked to data breaches.

Insurers reported 33 breaches in 2018, up from seven in 2017, while consumer retail lending firms saw reports go from four to 21.

Retail investments firms reported 11 in 2018, up from none the previous year.

Regulatory shift

RPC said the higher number of reports was also likely to be due in part to the introduction of the GDPR, which mandates the reporting of data breaches within 72 hours.

In June of last year, for instance, the first full month in which the GDPR was in effect, financial firms filed the highest monthly total of data breach reports, at 20 reports.

RPC’s head of cyber insurance and breach response, Richard Breavington, said banks are a “top target” for hackers.

“The figures suggest that the banks are suffering data breaches on a frequent basis,” he said.

“The increase in reports, however, does show that the financial services industry is now taking cyber security more seriously than ever.”

Last April it emerged that seven UK retail banks, including Santander, Royal Bank of Scotland, Barclays and Tesco Bank, had to limit or shut down systems after sustained attacks, and in October Tesco Bank was fined £16.4 million by the FCA following a 2016 hack in which £2.26m was stolen from current accounts.

RPC’s Breavington said fewer than 100 cybercriminals were prosecuted under the Computer Misuse Act annually, compared to much higher numbers of cyber-crimes being reported across all industries, showing how the area is relatively attractive for hackers.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

NHS Covid-19 Tracing App For England, Wales, Nears Launch

Date for limited rollout of delayed NHS track and trace app for England and Wales…

3 days ago

Coronavirus: Facebook Staff To Work From Home Until July 2021

Facebook follows Google lead by extending right of staffers to work from home until July…

3 days ago

Canon Suffers Ransomware Attack, With 10TB Of Data Stolen – Report

Report suggests Canon has been crippled with a ransomware attack with allegedly 10TB of data,…

4 days ago

Uber Expands UK Reach With Autocab Buy

Amid consolidation in the taxi sector caused by Coronavirus lockdown, Uber purchases British rival Autocab…

4 days ago

TikTok Selects Ireland For First European Data Centre

Ireland to get another data centre after the Chinese-owned short video app TikTok announces first…

4 days ago