Financial and Insurance (NAICS 52)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
Thank You.
Thank you.
You will soon receive an email with a link to confirm your access, or follow the link below.
Thank you.
You may now close this message and continue to your article.
- 2024
- Summary of Findings
- Introduction
- Helpful Guidance
- Results and Analysis - Introduction
- Incident Classification - Introduction
- Industries - Introduction
- Accommodation and Food Services Data Breaches
- Educational Services
- Financial and Insurance Services
- Healthcare Data Breaches
- Information Industry Data Breaches
- Data Breaches in Manufacturing Industries
- Professional Services Data Breaches
- Public Administration Data Breaches
- Retail Data Breaches and Security
- Introduction to Regions
- Wrap Up
- Appendix
- Corrections
- Download the full report (PDF)
Frequency |
3,348 incidents, 1,115 with confirmed data disclosure |
|
Top patterns |
System Intrusion, Miscellaneous Errors and Social Engineering represent 78% of breaches |
|
Threat actors |
External (69%), Internal (31%) (breaches) |
|
Actor motives |
Financial (98%), Espionage (2%) (breaches) |
|
Data compromised |
Personal (75%), Other (30%), Bank (27%), Credentials (22%) (breaches) |
|
What is the same? |
Miscellaneous Errors continue to plague this industry. As it did last year, Misdelivery presents an ongoing challenge for this sector. |
Summary
System Intrusion has overtaken Miscellaneous Errors and Basic Web Application Attacks as the primary threat in Financial and Insurance this year, indicating a shift toward more complex attacks, accompanied by a rise in Social Engineering. Increased visibility into the Europe, Middle East and Africa (EMEA) region shows us that Ransomware attacks are alive and well there as well.
High as a Georgia pine
If our dataset is any indicator, interest rates and premiums aren’t the only things rising in the Financial and Insurance industry. The System Intrusion pattern, where most of the more complex attacks typically reside, has risen from its third-place position last year to first place this year (Figure 60). The Social Engineering pattern, also typically a sign of increased complexity, is now in the top three patterns as well, while the more simplistic Basic Web Application Attacks (last year’s champion) has fallen entirely off the podium. This is in relatively stark contrast to last year’s findings in which we pointed out that the adversaries weren’t having to expend a great deal of effort to gain access to corporate data in this vertical. These changes seem to indicate that attackers are being forced to work a bit harder in order to compromise organizations in this sector. That is good news for everybody—except the threat actor, of course.
Lest they make it simply too difficult for criminals, this vertical remains consistent in committing Errors. As was almost universally the case this year, Misdelivery was quite prominent (Figure 61) and, along with Misconfiguration and Loss, made up most of the errors in this industry.
Has any action been taken?
With regard to Action varieties, they tell the story of the patterns relatively clearly. Ransomware and the Use of stolen credentials, the bread and butter of the System Intrusion pattern, are very common in this industry (and help boost that 95% Financial motive). All of those stolen credentials have to come from somewhere, and that somewhere is frequently from social attacks such as Phishing and Pretexting. Of course credentials can also come from a multitude of other sources such as Brute force attacks (although it was quite low on the list for hacking actions) or simply harvested and reused from another breach.
Lastly, but certainly worthy of mention, is that 8% of the cases in our incident dataset targeting this sector were part of the whirlwind of the MOVEit breach, which shows how far-reaching supply chain breaches can be.