23% jump in data breaches at financial services businesses
Financial advisers increasingly targeted: more reports expected as new General Data Protection Regulations comes in
UK financial services companies have reported 140 data breaches to the Information Commissioner's Office in 2016/17*, a 23% jump from 114 in 2015/16*, says City headquartered law firm RPC.
Data breaches involve the loss of client data through cyber-attacks or accidental leaks. The number of breaches that financial services businesses have reported to the Information Commissioner's Office has risen by 59% in the last five years, from just 88 in 2012/13*.
RPC says that the biggest increase in reported data breaches has come from insurance companies, where the number has doubled in a single year, from 16 in 2015/16, to 32 in 2016/17. Similarly, financial advisers have had a 96% increase in the number of reported data breaches, from 25 to 49, while there has been a 45% drop in the number of data breaches reported by banks**, from 64 to 44.
RPC explains that whilst hackers are still targeting banks (such as Tesco bank) they are also paying more attention to smaller financial services firms such as financial advisers. These smaller institutions still sit on huge quantities of sensitive financial and other personal information but are less likely to have robust, multi layered and expensively maintained cyber-defences to safeguard their systems and data.
RPC adds that these numbers are only the cases that have been reported by the affected organisations. The actual number of breaches is likely to be higher partly because breaches currently do not need to be reported in every instance.
Once the General Data Protection Regulations come into effect in May 2018 it is likely that the number of reported cases of data breaches will rise further, as companies will in most cases be required by law to report them to the Information Commissioner's Office within 72 hours.
Richard Breavington, Partner at RPC, comments: “The rise in reported data breaches shows that despite substantial investment into cyber security, businesses are far from winning the arms race with hackers. And arms race is not an exaggeration – with hackers making use of tools first designed by offshoots of spy agencies and defence agencies.
“Insurance against these types of breaches is one of the fastest growing segments of the insurance industry. Data breach services such as ReSecure, provided through RPC, can help to protect the data and reputation of companies, if they become the victim of a hack.
“ReSecure provides companies with access to data breach management, technical forensic investigation, legal advice, notification, web and credit monitoring and public relations services.”
Number of reported data breaches at financial services companies jump 23% in a year
*Year end March 31
**Banks and building societies