Beazley sees hacking and malware threat growing for financial institutions
Beazley, a leading provider of data breach response insurance, today released its Beazley Breach Insights - July 2016 findings based on its response to client data breaches in the first six months of 2016. The specialized Beazley Breach Response (BBR) Services unit noted a sharp increase in hacking and malware attacks on financial institutions in the first six months of 2016, particularly those aimed at small banks and credit unions. There was a consistent level of hacks in the healthcare, higher education and retail sectors compared to 2015.
During the first half of 2016, Beazley's BBR Services division managed 955 data breaches on behalf of clients, compared to 611 breaches during the same period last year. Financial institutions incurred 139 of these breaches, with breaches deriving from hacking and malware attacks being particularly common at institutions with revenues below $35 million.
- The proportion of data breaches deriving from hacking and malware attacks in the first six months of this year across all industries in Beazley's portfolio stood at 31%, in line with the percentage of such incidents observed in 2015 (32%).
- Financial institutions reported a sharp increase in hacking and malware as a proportion of total breaches. In 2015, hacking and malware attacks accounted for 27% of the breaches Beazley handled for financial institutions; in the first half of this year, that rose to 43%.
- Banks and credit unions with less than $35 million in annual revenues accounted for 81% of hacking and malware breaches at financial institutions in 2016, a major increase over the 54% of incidents in this industry they represented in 2015.
- Higher education institutions continued to see a high proportion of breaches due to hacking or malware, with these accounting for 46% of industry breaches in the first half of 2015, up from 35% in 2015.
- Within healthcare organizations, breaches caused by unintended disclosure represented 42% of all industry incidents in 2016 to date, a sharp rise from 30% in 2015. This is connected to the large amount of information shared between organizations in this industry. 17% of healthcare breaches were caused by hacking or malware in 2016, down from 27% in 2015.
- The rate of hacking and malware in the retail industry remained high, accounting for 49% of all retail data breaches handled by BBR Services in 2016, compared to 55% in 2015.
- Ransomware attacks continue to increase, with twice as many attacks in the first six months of 2016 (86) than Beazley handled in all of 2015 (43).
"The persistent high levels of hacking and malware attacks are a reminder that all organizations in all industries need to have plans ready to respond when a breach occurs," said Katherine Keefe, global head of BBR Services. "The large increase we've observed in hacks aimed at financial institutions is noteworthy. Smaller banks and credit unions that typically have fewer defenses against these breaches are becoming bigger targets and need to be prepared."
Ms Keefe recommended that financial institutions bolster their technology defenses as well as the training afforded to employees on cyber security and threat awareness. "There is a lot they can do to protect themselves," she said, "but the sobering reality is that not every breach can be prevented and businesses - including financial institutions - should have robust plans for managing breaches should they occur."
Read the Beazley Breach Insights - July 2016 report.
About Beazley Breach Response (BBR)
Beazley has helped clients handle more than 4,000 data breaches since the launch of Beazley Breach Response in 2009 and is the only insurer with a dedicated in-house team focusing exclusively on helping clients handle data breaches. Beazley's BBR Services team coordinates the expert forensic, legal, notification and credit monitoring services that clients need to satisfy all legal requirements and maintain customer confidence. In addition to coordinating data breach response, BBR Services maintains and develops Beazley's suite of risk management services, designed to minimize the risk of a data breach occurring.