A new report says that hacking and malware cause 75% of all data breaches in the financial services industry.

The 2019 Financial Breach Report: The Financial Matrix by Bitglass found that only 6% of all breaches in 2019 were suffered by financial services firms. However, these breaches compromised significantly more records than those that occurred in other industries. In total, more than 60% of all leaked records in 2019 were exposed by financial services organizations. This is at least partially due to the Capital One mega breach, which compromised more than 100 million records. Despite this outlier, average breaches in financial services companies still tend to be larger and more detrimental than other sectors’ breaches. Fortunately, they do occur less often.

“Given that organizations in the financial services industry are entrusted with highly valuable, personally identifiable information (PII), they represent an attractive target for cybercriminals,” said Anurag Kahol, CTO of Bitglass. “Hacking and malware are leading the charge against financial services and the costs associated with breaches are growing. Financial services organizations must get a handle on data breaches and adopt a proactive security strategy if they are to properly protect data from an evolving variety of threats.”

Key Findings from the report include:

  • Hacking and Malware remain the primary cause of data breaches in financial services at 74.5% (up slightly from 73.5% in 2018). Insider Threats grew from 2.9% in 2018 to 5.5% today, while Accidental Disclosures increased from 14.7% to 18.2%.
  • The cost per average breached record in financial services ($210) has increased over the last few years and exceeds the per-breached-record cost of all other industries except healthcare ($429).
  • For mega breaches, which affect approximately 100M or more individuals, the cost per breached record in financial services is now $388 – up from $350 in 2018.
  • Many financial services organizations are still not taking proper steps to secure data in our modern cloud and BYOD environment. Consequently, they are suffering from recurring breaches. For example, Capital One and Discover each experienced their fourth significant data breach in 2019.
  • The top three breaches of financial services firms in 2019 were suffered by Capital One Financial Corporation (106 million individuals), Centerstone Insurance and Financial Services (111,589), and Nassau Educators Federal Credit Union (86,773).

The full report is available here.