

Time to act as cybercriminals hot on the heels of finance sector

Kingsley Hayes, Head of Data Breach at Keller Lenkner UK, the group action and multi-claimant firm currently pursuing a number of data breach claims against national and global organisations

There is no getting away from the fact that cybercriminals have their eyes firmly on businesses operating in the finance sector.

A highly lucrative target for hackers, official reports and records repeatedly echo the importance of data protection in the industry.

Damning data breach figures a clear warning 

The threat of cybercrime for financial services organisations, and their customers, is real. Global and domestic statistics reveal serious cracks in the robustness of cybersecurity in the sector with hackers generously rewarded for their efforts.

UK cyber incidents paint a bleak picture

According to data from Statistica, financial services are most at risk of phishing attacks (24.5%).

In the past 12 months, up to the end of September, 14% of all cyber incidents reported to the Information Commissioner’s Office (ICO) came from the finance, insurance and credit sector.

Phishing and ransomware have proved the biggest threats to cybersecurity

More than two fifths (41%) of cyber-related incidents in the industry during this period were a result of phishing

Ransomware attacks accounted for 28% of all cyber incidents in the past year for businesses in the finance sector

The last quarter showed a sharp rise in ransomware attacks with the highest number recorded over the past year – 57 incidents compared to just eight in the previous quarter

Global ransomware incidents a costly risk

The State of Ransomware in Financial Services report 2021 published by Sophos found that 51% of organisations stated that cybercriminals had succeeded in encrypting their data.

A quarter of the businesses affected had paid the ransom demanded in return for their stolen data

One third of breached data remained inaccessible despite cybercriminals pocketing the hefty rewards

More than a third (34%) of financial services organisations had been victim to a ransomware attack in the past year according to its findings

The average cost of rectifying a ransomware attack was $2.10 million

Brand trust following a data breach

Business and personal customers alike place their trust in the financial sector to maintain the highest level of data protection to minimise the known risks posed by cybercriminals.

When a cyber incident occurs exposing confidential, and highly valuable data, years of trust building is lost in an instant.

Damage limitation efforts cannot mitigate the full risks once private data has been obtained fraudulently.

What happens after a data breach as a result of hacking?

Cybercriminals are alert to the full financial benefits following a successful hack – and will exploit all opportunities available to them, including selling stolen data to third parties and money laundering, making retrieving the full losses challenging at best.

An increasing dependence on technology means that cybercriminals can target businesses from anywhere in the world.

Taking proactive preventative measures requires adequate levels of investment – including prioritising cybersecurity as a business essential.

The cost to businesses following cybercrime includes lost time, reputational damage, loss of customers and the extensive costs of rectifying the issue – with no guarantee of mitigating the full associated risks after the event.

Limitless damage unrecognised

When large volumes of sensitive information are accessed by criminals, the full impact may not, in some instances, be realised for several years after a hack.

The historic behaviour of cybercriminals indicates that stolen confidential details can be used in batches over time, which could mean weeks, months, or even many years after a data breach has been discovered.

This means that affected individuals can suffer the wide-reaching consequences long after a business has considered the matter dealt with.

The human cost of data protection violations

Private information, including names, dates of birth, account numbers and national insurance details, can and will be used for fraudulent activity when placed in the wrong hands.

Identity theft, leading to substantial financial losses and damage to credit ratings, has a ripple effect impacting every aspect of an individual’s life.

The financial implications are just one aspect of the significant harm caused when organisations fail in their data protection obligations.

The psychological impact on victims following a data breach within the financial sector is immeasurable and is often underestimated.

Living with the fear of not knowing if, and when, an individual’s personal details will be used fraudulently – and what this will mean for short and long term financial security – can lead to anxiety and depression.

The result for some may mean being unable to continue in their employment, losing their homes and damaging relationships.

Being held to account

The cost to businesses who fail to implement an appropriate level of cybersecurity goes beyond the cost of recovering the stolen data, rebuilding trust in their brand and investing in the measures that should have been in place before a data security incident.

Victims of data breaches are entitled to compensation which is calculated based on their actual, and potential, financial losses and psychological injury.

Organisations can also face hefty penalties for failing to comply with data protection laws.

Data protection in the post pandemic era

The pandemic has delivered an ideal environment for cybercriminals to excel in their endeavours:

  • Sudden, unexpected, and heavy reliance on technology
  • Unplanned working from home for entire workforces
  • Lack of adequate staff training before, and / or during the crisis
  • Inadequate investment in cybersecurity before and / or during the pandemic
  • Lack of security controls within home working environments
  • Increased risk of mistakes as a result of the above, and the chaos and uncertainty as a result of the health crisis

Organisations are now faced with the challenges of considering hybrid working and the potential cybersecurity risks arising from this.

New FCA guidance

The Financial Conduct Authority (FCA) issued new guidance in October for the financial sector to help ensure a secure transition to hybrid working.

The guidance includes regulatory requirements, data compliance and accountability. Businesses in the financial sector will have to prove that remote working and the lack of centralised services will not lead to an increased risk of financial crime.

The industry will have to demonstrate it has appropriate governance in place and that policies and procedures can be successfully cascaded to reduce the risks of financial crime.

Cybersecurity future forecast

Only time will tell whether the financial sector can not only swiftly adapt to a changing work environment, but also anticipate the imminent, and inevitable risk of a cyber-attack.

The only certainty is that a cybersecurity incident can only be prevented within organisations that prioritise data protection and invest in robust and comprehensive measures throughout their business, including their supply chain.

