As cybersecurity concerns grow throughout corporate finance, hackers continue to target financial institutions with some success. According to a research report conducted by Proxy, modern data breaches targeting large-scale financial institutions that have underdeveloped cybersecurity protocols remain consistent.
The combination of new technology, complex supply chains, and the digitization of banking and commerce have required companies in all industries to deal with unprecedented amounts of data. With information on bank accounts, credit cards, retirement funds, and other data in their systems, financial institutions are a prime target for hackers.
This year has been filled with data breaches across industries. Breaches resulting in millions of user records and costing the target millions of dollars have occurred. The Red Cross, NFT platform OpenSea, Cash App, and the Texas Department of Insurance all had major cybersecurity issues this year.
Hackers are making major headway in breaching extremely large organizations at an international level. Australia’s largest healthcare provider, Medibank, is currently in an ugly battle with hackers. After refusing to pay ransom for stolen data on 9.7 million customers early this month, Medibank is now watching its customer data begin to show up on the dark web.
The most recent high of 34 breaches was recorded in 2011, but 2019 and 2020 followed closely behind with 30 and 31 incidents, respectively.
Over one-third of CFOs recently said cybersecurity is their highest concern, according to a Jefferson Wells survey, and the data shows their concerns are justified. Despite improvements in cybersecurity software over the past decade, Proxy research shows annual breach numbers have remained elevated.
The most recent high of 34 breaches was recorded in 2011, but 2019 and 2020 followed closely behind with 30 and 31 incidents, respectively. According to findings, 356 breaches, each having 30,000 or more records being stolen or compromised, have occurred since 2004.
Data breaches can have a detrimental impact on a company outside of sensitive information being leaked. Breaches often result in operational downtime, expensive litigation, and bad press.
Alongside the financial industry, government, retail, and tech have their own struggles protecting their data. The most exposed industries, web-based and health care, experienced a combined 100 hacks in which more than 30,000 records were stolen or compromised.
Since 2004, Proxy found, high-ranking companies like CitiGroup, TD Ameritrade, and JP Morgan Chase were the top targeted financial institutions. While Facebook and AOL had the most attacks overall since 2004, familiar companies like AT&T, Bethesda, and Marriott also had major breaches.
The How of Infiltrations
Proxy research shows that the most common method by which data breaches occur is hacking, which accounted for more than half (54%) of cybersecurity issues since 2004. That was followed by poor security (second) and lost or stolen media (third). Those two less egregious methods caused 44 and 33 breaches (12% and 9%) in the past 18 years, respectively.
Other common methods for data breaches of note that executives should be aware of are the accidental publishing of unwanted information; lost or stolen hardware; and improper settings on company devices that make them vulnerable. Hackers can leverage these mishaps.
Despite the ease with which some data can be accessed, "inside jobs" were rare — less than 7% of the data breaches quantified by Proxy occurred from them.
The costs associated with getting hacked can be tremendous. Equifax’s 2017 breach not only saw the data of 160 million customers fall into the hands of hackers, but the incident lowered credit reporting firm's valuation by nearly $4 billion. For publicly traded companies, a breach can be exponentially more damaging, as both information and integrity are stolen from the company and its shareholders.
Speaking to CFO in September, Stephen Ritter, CTO at Mitek Technology Systems, said if a company wants to avoid breach-induced-catastrophe, executives must view cybersecurity as more than just another area that needs budget dollars.
“The most important thing to keep in mind is that security should be thought of as part of your brand,” Ritter said. “Cybersecurity is unfortunately no longer an option, but an essential element of any organization’s infrastructure.”