Financial Services Report Five-Fold Rise In Data Breaches

Financial services companies reported a five-fold rise in data breaches last year over the year before, as banks remain a lucrative target for hackers.

The sector reported 145 breaches to the Financial Conduct Authority (FCA) last year, up from 25 in 2017.

Investment banks reported the highest number of incidents, at 34, up from only three the previous year.

But retail banks saw the highest increase in percentage terms, from 1 to 25, according to data acquired by law firm RPC via a freedom of information request.

Sensitive data

RPC said hackers could be targeting investment banks in the belief that their security systems are less sophisticated than those of retail banks.

But they may also be seeking data on sensitive topics such as mergers and acquisitions that could be used for insider trading.

US regulator the SEC, for instance, is investigating a number of insider dealing cases linked to data breaches.

Insurers reported 33 breaches in 2018, up from seven in 2017, while consumer retail lending firms saw reports go from four to 21.

Retail investments firms reported 11 in 2018, up from none the previous year.

Regulatory shift

RPC said the higher number of reports was also likely to be due in part to the introduction of the GDPR, which mandates the reporting of data breaches within 72 hours.

In June of last year, for instance, the first full month in which the GDPR was in effect, financial firms filed the highest monthly total of data breach reports, at 20 reports.

RPC’s head of cyber insurance and breach response, Richard Breavington, said banks are a “top target” for hackers.

“The figures suggest that the banks are suffering data breaches on a frequent basis,” he said.

“The increase in reports, however, does show that the financial services industry is now taking cyber security more seriously than ever.”

Last April it emerged that seven UK retail banks, including Santander, Royal Bank of Scotland, Barclays and Tesco Bank, had to limit or shut down systems after sustained attacks, and in October Tesco Bank was fined £16.4 million by the FCA following a 2016 hack in which £2.26m was stolen from current accounts.

RPC’s Breavington said fewer than 100 cybercriminals were prosecuted under the Computer Misuse Act annually, compared to much higher numbers of cyber-crimes being reported across all industries, showing how the area is relatively attractive for hackers.