Almost half of data breaches in the financial services industry during 2020—44%—were the result of mostly accidental actions taken by internal actors, such as sending emails to the wrong people, which accounted for 55% of all error-based breaches, according to findings from Verizon’s latest global data breach investigations report. These types of internal breaches have “seen a slow but steady increase since 2017,” the report noted.
A majority of data breaches against the financial services industry (which includes both financial services and insurance firms for the purposes of this report)—56%—were perpetrated by external actors through credential attacks, phishing and ransomware. Attacks against the financial industry were mostly motivated by attackers’ financial interests (96%), while only a small percentage of attacks were motivated by espionage, grudge, fun or ideology.
Looking at data breach trends more broadly, the report found that phishing remained among the top actions identified in data breaches, and that it intensified during the pandemic—phishing was present in 36% of breaches, up from 25% the year prior. The use of ransomware also doubled from last year, appearing in 10% of data breaches.