Financial and Insurance

  • Summary

    Almost half of the breaches in this vertical were caused by Internal actors committing various types of Errors, with Misdelivery being chief among them. The Financial sector frequently faces credential and Ransomware attacks from External actors.


    721 incidents, 467 with confirmed data disclosure

    Top Patterns

    Miscellaneous Errors, Basic Web Application Attacks, and Social Engineering represent 81% of breaches

    Threat Actors

    External (56%), Internal (44%), Multiple (1%), Partner (1%) (breaches)

    Actor Motives

    Financial (96%), Espionage (3%), Grudge (2%), Fun (1%), Ideology (1%) (breaches)

    Data compromised

    Personal (83%), Bank (33%), Credentials (32%), Other (21%) (breaches)

    Top IG1 Protective Controls

    Security Awareness and Skills Training (14), Secure Configuration of Enterprise Assets and Software (4), Access Control Management (6)

  • The Financial Services industry has long been known for rapid changes, including sudden dips, dizzying highs, and unforeseen fluctuations (thanks, Reddit users). This vertical has seen quite a diverse set of changes when it comes to the cybersecurity landscape as well. One that we have seen over the last few years has been a convergence of Internal actors and their associated actions with the more famous and nefarious External varieties. 

    This year 44% of the breaches in this vertical were caused by Internal actors (having seen a slow but steady increase since 2017) (Figure 104). The majority of actions performed by these folks are the accidental ones, specifically the sending of emails to the wrong people, which represents a whopping 55% of all Error-based breaches (and 13% of all breaches for the year).

    When we turn our attention to malicious External actors, the Financial industry faces a similar onslaught of credential attacks, phishing and ransomware attacks that we see topping the charts in other industries. With regard to data type, Personal comes in first, followed by Credentials and Bank data, hardly surprising given the focus of the industry. 

    Finally, this industry continues to be heavily reliant upon external parties for breach discovery. Typically, via bad actors making themselves known (38% of the incidents) or notification from monitoring services (36% of incidents).

  • Figure

Let's get started.