A Tale of An Industry: The Finance Sector & Data Breach Type Trends


September marked a month of heated discussion concerning data privacy issues, with continuing media coverage of breaches at major global institutions. Bitsight looked at three years of data on the types of breaches experienced by the finance sector to determine whether web application compromise is on the rise, as well as the impact of these events.

Frequency of Incident Classification Patterns - Finance Sector

Figure 1

Figure 1 displays the proportion of breaches within each industry sector collected by Bitsight since 2015, with darker colors corresponding to a greater prevalence of a certain breach type. Only 11% of the finance sector breaches in the past 3 years list web application compromise as their primary cause. In contrast, 38% of incidents were caused by employee error and another 11% resulted from privilege abuse.

By itself, this finding would suggest that financial organizations should focus on implementing training and controls that limit the damage that can be done by poorly equipped or disgruntled workers. By doing so, they might expect to reduce their risk of all breaches by almost half. However, we know that the data breach landscape is not static, and that the relative frequency of these event types has changed over time.

Classification Patterns - Finance Sector 2015

Figure 2

When we include a temporal aspect, it becomes clear that there has been a fundamental shift in the types of events experienced by the finance sector. In 2015, web application compromise made up only 8% of the breaches observed by Bitsight at financial organizations.

Classification Patterns - Finance Sector 2016

Figure 3

By 2016, web application compromise rose to 11% (Figure 3).

Classification Patterns - Finance Sector 2017

Figure 4

In 2017, web application compromise overtook all other breach types, making up a significant 33% of events experienced by the finance sector. During the same time period, employee error and privilege abuse trended in the opposite direction, meaning that the threat landscape shifted from events caused primarily by internal actors to those caused by someone external to the company. This finding is important, but it still leaves out the size of the breaches or their impact on a business.

Median Record Loss by Breach Type - Finance Sector

Figure 5

Bitsight uses breached record count as a proxy for the severity of a security event. Web application compromise had the highest median record count (3,475) of all breach types in the finance sector, with the exception of unsecured databases. It is also the category with the highest mean record count, due to the influence of a few massive data compromise incidents.

Bitsight has observed the huge reputational damage that results from these large, publicly disclosed incidents. In contrast, privilege abuse and employee error typically result in small compromised record counts and insignificant reputational declines.

As indicated in the findings above, the finance sector has experienced a relative uptick in data breaches resulting from web application compromise over the past 3 years, reaching one third of all breach events in 2017. These events result in greater information loss and reputational damage than other breach types observed by Bitsight. As the risk of breach increases, it's more critical than ever for organizations to be aware of their own security posture as well as the vulnerabilities in their supply chain. In our most recent Bitsight Insights report, The Buck Stops Where: Assessing the Cyber Performance of the Finance Supply Chain, we showcase more of Bitsight's research surrounding the Finance industry as well as proactive recommendations for organizations to strengthen the security of their networks.