Report: Financial firms still losing customer data to malware and hackers

Capital One mega breach in March 2019 was the third worst data loss ever.

Ransomware, SQL injection attacks, and cross-site scripting are also serious cybersecurity risks for banks and brokerage firms, according to a new study.

Hackers still have the upper hand in the cyberwar on banks and financial institutions, according to a new cybersecurity report from Bitglass. Bitglass compiled data from the Identity Theft Resource Center and the Ponemon Institute to measure the impact of data breaches in the financial industry.

Financial services companies don't often lose control of their data, but when it happens the hit is significant. Business and healthcare firms are much more likely to have a breach, with 42% and 36% of all breaches occurring in those sectors, respectively. Financial companies were responsible for only 7% of breaches in 2019 but 62% of lost records, due to the Capital One mega breach, which exposed more than 1 million records.


Hacking and malware caused 75% of all the breaches, but accidental disclosures and insider threats are both up over 2018. Bitglass warns that for organizations that struggle with implementing proper security measures, moving to the cloud will lead to even more risk from both those factors.

Bitglass found that many big brands in financial services (American Express, SunTrust Bank, Capital One, Discover) have had multiple breaches. American Express lost data in 2009, 2012, 2013, 2014, and 2019, while Capital One lost data four times in the last eight years. Capital One lost data from 106 million people in March 2019, making it the third largest breach recorded in US history.

The cost of a breach is growing as well: up to $210 per record for an average breach and $388 for a mega breach.

Anurag Kahol, CTO of Bitglass, said financial services companies must adopt a proactive security strategy to protect customer data.

"Hacking and malware are leading the charge against financial services and the costs associated with breaches are growing," Kahol said.

Bitglass found that financial services firms have not learned many security lessons from past data breaches.

Image: Bitglass