Analysis of the year’s breaches shows Finance and Insurance businesses are the most targeted and have lost a material count of records as a result.
It makes sense that threat actors want to “go where the money is.” The data in the Finance and Insurance industry can contain banking information, account balances, and access to all of it. The value of this is immeasurably more than just a stolen username and password, as there is financial context with the data itself. So, it makes sense that this industry sector is “where the money is” and is, therefore, a greater target for threat actors.
According to security vendor Flashpoint’s Year In Review: 2022 Financial Threat Landscape, a cross-section of data breaches by industry vertical shows that businesses in Finance and Insurance were the most targeted:
Source: Flashpoint
In all, Flashpoint denoted 566 data breaches with over 254 million records leaked. They do note that the same industry was not in the top spot with regard to ransomware attacks – something confirmed by Sophos’ The State of Ransomware in Financial Services 2022 report, in which only 55% of Finance and Insurance organizations experienced a ransomware attack – a far cry from the overall average of 66% across all industry sectors.
And because a material amount of these attacks can be attributed to untrained employees, it’s necessary for Financial and Insurance organizations to take strides to ensure their staff are properly educated using Security Awareness Training on cyberattacks, initial attack vectors, social engineering tactics, and more – all practices used by threat actors seeking to gain access to your data, applications, and systems.
