A quarter of banks' data breaches are down to lost phones and laptops
Just 20 per cent were the result of hacking
One in four breaches (25.3 per cent) in the US financial services sector over recent years were due to lost or stolen devices, according to a new study.
Cloud security firm Bitglass further reports that one in five recorded breaches over the last 10 years were the result of hacking.
More than 60 financial sector organisations suffered recurring breaches in the last decade, including most major banks.
While hacking accounted for a disproportionate number of the individuals affected by financial services breaches, only one in five leaks were caused by hacking. Other breaches were the result of unintended disclosures (14 per cent), malicious insiders (13 per cent), and lost paper records.
In 2015, 87 breaches were reported in the financial services sector, up from 45 in 2014. In the first half of 2016, 37 banks have already disclosed breaches. One in seven (14 per cent) of leaks can be attributed to unintended disclosures and a similar 13 per cent to malicious insiders.
JPMorgan Chase, the US’s largest bank, has suffered several recurring breaches since 2007. The largest breach event, the result of a cyber-attack in 2014, affected an estimated 76 million US households. Other breaches at JPMorgan stemmed from lost devices, unintended disclosures, and payment card fraud.
Bitglass's Financial Services breach report is based on an analysis of all breaches in the financial services sector since 2006, with data aggregated from public databases and government-mandated disclosures.
“Financial institutions are prime targets for hackers and are rightfully concerned about the threat of cyber-attacks, device theft, and malicious insiders,” said Nat Kausik, chief exec of Bitglass, in a canned quote. “To stay one step ahead as data moves beyond the firewall, firms in this sector must encrypt cloud data at rest, control access by contextual risk, and protect data on unmanaged devices.”