Back to Blogs

Verizon's Data Breach Report Highlights Risk of Email For The Financial Services Sector

A majority of data collection and delivery processes in the banking sector is performed over email-- and has been for quite some time. These processes typically involve attaching pay stubs, tax returns, etc. Unfortunately, it’s become clear that email is not as secure as it should be. The recent 2020 Data Breach Investigations Report from Verizon detailed exactly how email remains a huge source of risk.

In this guide, we’ll break down the key points from the report which can be found here

Summary - 2020 Data Breach Investigations Report

  • In 2020, there were 2,950 breaches across sixteen different industries and four world regions.
  • In the financial planning and insurance industries alone, there were 1,509 incidents. 448 of these incidents had confirmed data disclosure.
  • Of the data compromised, 77% were clients’ personal information, 35% were credentials, 32% were bank-related breaches, and 35% are listed as “other.”
  • When it comes to cybersecurity in the financial sector, “miscellaneous errors” once were the main pattern and the top cause of most breaches. However, web applications, specifically email accounts, are quickly becoming the main sources for data breaches at banks and investment firms.
  • It’s believed that this trend can be attributed to simple misdelivery-- namely, financial advisors and bank staff unintentionally sending the wrong information to the wrong person. This information can include electronic data, such as an email sent to the wrong recipient via an autofill in the “To:” field.
  • Misconfiguration was another leading cause of this trend in poor security. This occurs when a system administrator does not secure a cloud storage bucket or accidentally misconfigures necessary firewall settings.
  • In the case of both misdelivery and misconfiguration, the motivation was overwhelmingly carelessness. Possibly due to little training or a lack of enthusiasm for the work, cybersecurity takes a strong nosedive. It’s unclear how exactly to solve this ongoing problem, but it is clear that carelessness can cause serious financial damage.
  • Phishing is a major social variety in the finance and insurance industry breaches, with over 80% of email-based cybersecurity attacks attributed to phishing. This form of attack is becoming increasingly common for business email compromisation, and phishing can take on a variety of forms. One common phishing attack noted in the report included the “phishing email masquerading as coming from someone in the executive level of the company” in which an attacker would ask a staff member or colleague for money or something of monetary value.
  • This trend in email misdelivery is a dangerous one, as the level of sensitivity in the data sent can vary significantly. This can cause a relatively minor breach or a massive breach, depending on what files were attached to the email and how large the pool of people the email was sent to is.