Financial and Insurance (NAICS 52)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.



3,348 incidents, 1,115 with confirmed data disclosure

Top patterns


System Intrusion, Miscellaneous Errors and Social Engineering represent 78% of breaches

Threat actors


External (69%), Internal (31%) (breaches)

Actor motives


Financial (98%), Espionage (2%) (breaches)

Data compromised


Personal (75%), Other (30%), Bank (27%), Credentials (22%) (breaches)

What is the same?


Miscellaneous Errors continue to plague this industry. As it did last year, Misdelivery presents an ongoing challenge for this sector.


System Intrusion has overtaken Miscellaneous Errors and Basic Web Application Attacks as the primary threat in Financial and Insurance this year, indicating a shift toward more complex attacks, accompanied by a rise in Social Engineering. Increased visibility into the Europe, Middle East and Africa (EMEA) region shows us that Ransomware attacks are alive and well there as well.

High as a Georgia pine

If our dataset is any indicator, interest rates and premiums aren’t the only things rising in the Financial and Insurance industry. The System Intrusion pattern, where most of the more complex attacks typically reside, has risen from its third-place position last year to first place this year (Figure 60). The Social Engineering pattern, also typically a sign of increased complexity, is now in the top three patterns as well, while the more simplistic Basic Web Application Attacks (last year’s champion) has fallen entirely off the podium. This is in relatively stark contrast to last year’s findings in which we pointed out that the adversaries weren’t having to expend a great deal of effort to gain access to corporate data in this vertical. These changes seem to indicate that attackers are being forced to work a bit harder in order to compromise organizations in this sector. That is good news for everybody—except the threat actor, of course.

Data Breach Investigation Report figure 60

Lest they make it simply too difficult for criminals, this vertical remains consistent in committing Errors. As was almost universally the case this year, Misdelivery was quite prominent (Figure 61) and, along with Misconfiguration and Loss, made up most of the errors in this industry.

Data Breach Investigation Report figure 61

Has any action been taken?

With regard to Action varieties, they tell the story of the patterns relatively clearly. Ransomware and the Use of stolen credentials, the bread and butter of the System Intrusion pattern, are very common in this industry (and help boost that 95% Financial motive). All of those stolen credentials have to come from somewhere, and that somewhere is frequently from social attacks such as Phishing and Pretexting. Of course credentials can also come from a multitude of other sources such as Brute force attacks (although it was quite low on the list for hacking actions) or simply harvested and reused from another breach.

Lastly, but certainly worthy of mention, is that 8% of the cases in our incident dataset targeting this sector were part of the whirlwind of the MOVEit breach, which shows how far-reaching supply chain breaches can be.


Call Sales

Have us contact you
Request a call

Call for Public Sector