Financial Services Data Breaches: More Pain Ahead?

Banks, like most industries, are undergoing profound digital transformations. They’re trying to compete, lower business risk, and cut costs from their business operations.

According to HTF Market Intelligence, cyberattacks against financial services firms increased by over 70% in 2017, which reflects that the financial services sector is currently vulnerable to such attacks. In the future, according to HTF, the adoption of effective cyber security controls will become a necessity to reduce cyberattacks and the illegal use of systems, networks and technical services. According to Netscribes, the global cybersecurity in financial services market is expected to expand 9.8% annually, leading to global revenue of nearly $43 billion by 2023. 

A survey published earlier this year, Modern Bank Heists: The Bank Robbery Shifts to Cyberspace, found that banks certainly believe they are being attacked more. According to that survey, 67% of financial institutions reported an 67% increase in attacks within the past 12 months. Further, 79% of those surveyed said cybercriminals have become more sophisticated.

Interestingly, 26% of surveyed financial institutions said they were targeted by attacks that aimed to destroy information assets. Rather than seeking financial gain, “these attacks are launched to be punitive by destroying data. Of note, this figure represents an 160% increase over 2018 suggesting the “bank heist” is evolving into a hostage situation,” the report states.

According to an older report from web security vendor Websense, “financial services firms are hit by security incidents a staggering 300 times more frequently than businesses in other industries, with attack patterns changing frequently to outwit IT pros.”

In Websense’s 2015 Industry Drill Down Report, attacks aimed at the financial sector outnumbered other industries by three to one.  

Chances are, not only are attacks on the financial sector likely to increase — but the number of successful attacks is also likely to increase. This is largely because the financial services sector is undergoing tremendous digital transformation and we will see considerable changes in the years ahead. When new systems, technologies, and ways of doing things arise, and these systems specifically increase automation and the rate of change, increased complexity and mistakes are to be expected.

Consider the recent Capital One breach. This breach, which exposed personal financial information on more than 100 million Capital One customers and credit applicants, shows how, even with relatively modest mistakes, an attacker can manage to get through a misconfigured web application firewall and exploit credentials, and access cloud storage buckets that contained the sensitive information.

In the year ahead you’re going to see more emphasis on mobile banking, payments, and online services. And in many cases it won’t necessarily be from the large established banks, but many local and regional banks who have yet to build the online and mobile banking services they need. As we recently saw, many banks around the world are woefully insecure when it comes to their application security.

The financial services market broad digital transformation efforts will also focus on continued move to modern cloud infrastructure, readying data for use in machine learning systems, streamlining processes with robotic process automation, and striving to improve the customer experience.

The rush to digitally transform could very possibly increase the rate of data breaches. And for financial services firms these data breaches tend to be more costly than other industries. The Ponemon Institute found, in a recent report, that within the United States the average cost of a data breach reaches just over $7 million. In the financial sector, however, those costs are much higher. In the financial sector, the average cost per breached record is about $225, in the financial sector it was $336.

We can expect increased breaches in the financial sector, as the sector continues to move forward with their digital transformations, move old systems to new cloud systems, and provide customers and partners with more digital workflows. It’s just more likely to happen than not. Does this mean we’d expect a rash of financial sector breaches? Probably not. But we’re likely to see more like the Capital One breach as the pace of business in financial services increases and this industry tries new technologies and business models.