The number of data breaches reported by UK financial services firms to the Financial Conduct Authority (FCA) increased 480 percent in 2018. The retail banking sector saw the largest percentage increase in the number of data breaches, rising from only one in 2017 to 25 in 2018.
Financial Services: An Easy Target
It appears cybercriminals are targeting investment banks in the belief that their cybersecurity measures are less sophisticated than those of retail banks. Furthermore, the stakes are potentially a lot higher. Data stored by investment banks can be used for insider trading: in the United States, the SEC is currently pursuing a number of insider trading cases that relate to data breaches.
Other financial services sectors also saw a large increase in the number of data breaches throughout 2018.
- Insurance Companies: 33 data breaches in 2018 compared to seven in 2017
- Consumer Retail Lending: 21 data breaches in 2018, up from four in 2017
- Retail Investments: 11 data breaches in 2018 – zero in 2017
GDPR Ensures Financial Sector Takes Cybersecurity Seriously
June 2018 marked the beginning of the General Data Protection Regulation (GDPR), a set of rules designed to give European Union (EU) citizens more control over their personal data. In terms of compliance, GDPR requires organizations to ensure that personal data is gathered legally and under strict conditions. Furthermore, it requires those who collect and manage the data to protect it from misuse and exploitation and to respect the rights of data owners, or face penalties for not doing so. Another major change GDPR brought is giving consumers the right to know when their data has been hacked. Organizations are required to notify the appropriate national bodies as soon as possible so that EU citizens can take appropriate measures to prevent their data from being abused.
How does this pertain to the increase in the number of data breaches? In the first month after GDPR was implemented, the financial services sector saw the highest monthly total of data breach reports. In other words, financial services firms are abiding by the compliance regulations to avoid the hefty fines they would face for breaking compliance.
“The increase in reports, however, does show that the financial services industry is taking cybersecurity more seriously than ever,” commented Richard Breavington, a partner at the law firm RPC and head of their Cyber Insurance and Breach Response team. “The financial and reputational fallout from a data breach can be serious for a business of any size. They must be ready to defend against – and respond to – breaches as efficiently as possible.”