Financial companies are on red alert regarding information security, or at least they should be. An IBM Security Report showed that the financial industry was the number one target of bad actors, accounting for 17% of the more than 500 organizations surveyed in 2021 research. With reports of large-scale breaches becoming more common, it’s clear that the war to maintain data security has only begun. The difficult part is knowing what you're protecting yourself against and where to concentrate your efforts. Is the risk really outside your firm, or is the enemy within?
Here are two key things to keep in mind when making critical security decisions:
Internal Leaks Happen More Often
Several reports in recent years have conclusively shown that internal leaks are more common than leaks caused by hacking. According to IBM's Cost of a Data Breach Report 2021, breaches caused by malicious insiders were the third most costly, with organizations losing some 4.61 million dollars. Leaks may also be caused by human error. In 2021, scores of major companies fell victim to major data breaches caused by human error, with each breach costing companies millions. Another IBM study on the impact and causes of data breaches places human error at the top of the list, with as many as 95% of breaches being caused by human error. While it may seem that, due to negligence or maliciousness, employees are the bigger threat to company security, that only reveals one side of the story.
External Leaks Result in Larger Data Breaches
When you review the history of the world’s biggest data breaches, shown interactively on Information Is Beautiful’s website, those that leaked the most customer data have been from external attacks. Whereas internal leaks are smaller but more frequent, hacking leaks tens if not hundreds of thousands of customers' data in a single breach.
So what's the answer? BOTH. The truth is that every company should be concerned about both internal and external security breaches, but large financial firms are more likely to fall victim to an external hack than smaller firms. The devastating nature and size of possible external hacks make it prudent for large firms to focus their efforts on network safety. Smaller firms should focus on screening employees and training them on security measures. For more information about how to improve client data security, read our post titled, “What Financial Institutions Can Do to Keep Their Client Data Safer.”