Financial Services Cyber Breaches
By Harry J. Lew
The popular image of hackers in foreign lands stealing customer data chills the blood of agents, advisors, and insurance company executives alike. However, even though the threat of malicious attacks remains high, there’s an equally high risk of self-inflicted wounds, according to Beazley Breach Response (BBR), a unit of Beazley plc that helps firms recover from the aftermath of a cyber-breach.
According to the July 2017 edition of Beazley Breach Insights, malware and hacking were the leading cyber-breach causes in the first half of 2017, representing 32 percent of the 1,330 incidents that BBR helped to remediate. However, breaches caused by employee or third-party vendor mistakes were all too common, accounting for 30 percent of all breaches, only slightly behind malware or hacking breaches.
In terms of the financial services industry, BBR found that hacks or malware accounted for 44 percent of incidents, followed by social engineering (where hostile actors trick employees into violating security) at 18 percent, and insider data thefts or payment card fraud, together accounting for 4 percent of the incidents. However, “the human factor”—where people make innocent mistakes that result in breaches—accounted for 31 percent of the events. These break down as follows:
- Portable device losses – 12 percent
- Unintended disclosure – 14 percent
- Physical loss/non-electronic record – 5 percent
Finally, in the financial services industry, 3 percent of the data breaches were due to unknown or other causes, BBR said.
The fact that breaches are still occurring at a high rate, especially those resulting from human error, suggests companies have yet to implement adequate safeguards. “Since 2014,” the Beazley report noted, “the number of accidental breaches reported to Beazley’s team has shown no sign of diminishing. As more stringent regulatory environments become the norm, this failure to act puts organizations at greater risk of regulatory sanctions and financial penalties.”
Implication for NAPA Members? Don’t let down your cyber guard. Continue to assess your risks, build and periodically update a cyber-response plan, and stress test your defenses frequently. You may not own or manage a large insurance business, but if you have even one computer connected to the Internet, you’re at risk. Don’t let a breach happen to you.