Breaches hit record, but financial companies fare better than others

Advances in payments technology come with breach fears because innovation creates more avenues for fraudsters to travel.

The same holds true in other industries. New technology adoption and increased reporting resulted in a record number of reported incidents in 2016, though financial institutions such as card issuers did not suffer as much as other categories.

The U.S. hit an all-time high of 1,093 data breaches, a 40% increase from 2015, according to research from the Identity Theft Resource Center and CyberScout.
Of all the sectors the ITRC studied, the banking and financial services industry reported only 52 incidents, or 4.8% of total breaches, the lowest of any sector.

Since 2005, the ITRC has been identifying data breaches in five industry sectors. In 2016, the business sector again topped the list in the number of data breach incidents, with 494 reported, representing 45.2% of the overall number of breaches.

The healthcare/medical industry followed with 377 incidents, representing 34.5% of the overall total. The education sector (98) followed at 9%, and the government/military (72) at 6.6%.

"With support from CyberScout, the ITRC has been able to heighten its efforts in tracking breaches nationwide by seeking out information on breach incidents through direct contact with numerous states' attorney general offices as well as by submitting Freedom of Information Act requests," Eva Velasquez, president and CEO of ITRC, said in a Jan. 19 press release.

"For the past 10 years, the ITRC has been aware of the under-reporting of data breach incidents on the national level and the need for more state or federal agencies to make breach notifications more publicly available."

Data security experts aren't surprised financial companies had fewer breaches, because of the industry's track record.

"With the world's money at stake, financial services firms have always invested more heavily in the tools needed to protect their data, and that shows in the numbers," said Andy Kicklighter, director of product security for Thales e-security. "Versus other industries, they also have a larger number of industry standards and government regulations to comply with, which improves their baseline for data security."

Financial services companies also pay closer attention than other industries do to where sensitive data is stored, Kicklighter said. "Having a better idea of where the data is enables them to build strong defenses that directly protect that data with tools like encryption and access controls, making it harder for cyber-attackers or malicious insiders to gain access to the information," he added.

For the eighth consecutive year, hacking, skimming and phishing attacks were the leading cause of data breach incidents, accounting for 55.5% of all instances. Of these, many were a result of CEO spear-phishing efforts in which highly sensitive data, typically information required for state and federal tax filings, was exposed.

Breaches involving accidental email and Internet exposure of information accounted for 9.2% of the total, with employee error at 8.7%.