Almost half of the breaches in this vertical were caused by Internal actors committing various types of Errors, with Misdelivery being chief among them. The Financial sector frequently faces credential and Ransomware attacks from External actors.
721 incidents, 467 with confirmed data disclosure
Miscellaneous Errors, Basic Web Application Attacks, and Social Engineering represent 81% of breaches
External (56%), Internal (44%), Multiple (1%), Partner (1%) (breaches)
Financial (96%), Espionage (3%), Grudge (2%), Fun (1%), Ideology (1%) (breaches)
Personal (83%), Bank (33%), Credentials (32%), Other (21%) (breaches)
Top IG1 Protective Controls: Security Awareness and Skills Training (14), Secure Configuration of Enterprise Assets and Software (4), Access Control Management (6)
Financial and Insurance
The Financial Services industry has long been known for rapid changes, including sudden dips, dizzying highs, and unforeseen fluctuations (thanks, Reddit users). This vertical has seen quite a diverse set of changes when it comes to the cybersecurity landscape as well. One that we have seen over the last few years has been a convergence of Internal actors and their associated actions with the more famous and nefarious External varieties.
This year 44% of the breaches in this vertical were caused by Internal actors (having seen a slow but steady increase since 2017) (Figure 104). The majority of actions performed by these folks are the accidental ones, specifically the sending of emails to the wrong people, which represents a whopping 55% of all Error-based breaches (and 13% of all breaches for the year).
When we turn our attention to malicious External actors, the Financial industry faces a similar onslaught of credential attacks, phishing and ransomware attacks that we see topping the charts in other industries. With regard to data type, Personal comes in first, followed by Credentials and Bank data, hardly surprising given the focus of the industry.
Finally, this industry continues to be heavily reliant upon external parties for breach discovery, typically via bad actors making themselves known (38% of the incidents) or notification from monitoring services (36% of incidents).