The financial services sector has the widest gap between perceptions about its data security and its vulnerability to data attacks.
A survey by data security provider Dasera found that 73% of institutions questioned said they had high levels of confidence in their ability to fend off ransomware attacks, data breaches and other unauthorised uses of data. Nevertheless, records of attacks showed that those firms were among the worst affected in 2023.
“The significant number of breaches contradicts high confidence in their security strategy, suggesting overconfidence in their security posture,” the report, entitled The State of Data Risk Management 2024, stated. “The sector remains a prime target for cyberattacks due to valuable data, indicating a gap between perceived effectiveness and actual vulnerability.”
The report compared the perceptions of companies in a range of high-profile data-focused sectors, including healthcare and government, with statistics on data breaches compiled by a variety of organisations and studies. These include the Verizon Data Breach Security Report, Kroll’s Data Breach Outlook Report and the Identity Theft Resource Centre.
Record Year
The Dasera survey said the combined conclusions of those studies showed that 2023 was a “record-breaking year” for breaches.
According to Verizon, the financial services industry suffered 477 data security incidents in 2023, compared with 380 for IT firms and 433 in the healthcare sector. Only government bodies suffered more, at 582. Kroll found that financial firms accounted for the largest proportion of attacks, at 27%.
Two-thirds of breaches originated externally. With the balance coming from internal “threat actors”, the financial services firms were among the least protected against attacks from within their own systems.
The report found that 77% of breaches within the sector came from basic web application attacks, miscellaneous errors and system intrusions.
“The survey underscores the importance of adopting integrated and automated data security strategies to address these challenges,” the Dasera report stated. “Reliance on outdated, manual processes and slow adoption of automated systems contribute to current vulnerabilities. Organisations must prioritise modern, proactive approaches, including regular audits, strategic use of technology, and external consulting, to effectively navigate the evolving landscape of data risk.”
Subscribe to our newsletter
