Banks and financial institutions are one of the biggest targets for cybercriminals, and in recent years have seen record numbers of attacks. For example, 2021 saw an all-time high of 2,527 attacks which reduced to 1,829 in 2022 (although this is still more than in the preceding years). And these attacks result in high losses too. According to IBM the typical cost of a data breach for the finance sector in 2022 was USD 5.97m – that’s around USD 1.5m more than the average cost across all industries.

Why is the finance sector a target?

There are several reasons why cybercriminals focus their attacks on banks and financial institutions, the main one being money. Nearly everyone has a bank account of some sort which, to open, requires sharing personal information. Not only can this be used by criminals to make unauthorised financial transactions, but it can also be used to create more convincing phishing emails to trick people into handing over large amounts of money. Personal data and financial information that these institutions hold are also very valuable on the dark web. For example, credit card details with an account balance of up to USD 5,000 can sell for USD 120, whilst verified Cashapp account can sell for USD 800 and a verified Stripe account with payment gateway can sell for USD 1000.

The financial sector is also a target for ransomware because of the crucial role it plays in global stability generally. Any sort of theft of money or data can cause loss of trust and severe economic disruption so, theoretically, targets would be more incentivised to pay a ransom. 

Examples of cyberattacks on the sector

In recent years there have been several cyber attacks on banks and financial institutions globally. Last year the US financial services division of the Chinese Bank ICBC was hit with a ransomware attack which was later found to be the work of the hacking group LockBit. This resulted in some disruption to US Treasury trades. In 2022, South African credit bureau, TransUnion SA suffered a cyber attack that saw around 3m customers’ data stolen. The hackers demanded a ransom, but the organisation refused to pay. And in the same year, the IRA Financial Trust lost USD 36m in cryptocurrency when unknown threat actors drained various cryptocurrencies from customers’ accounts. 

How should financial institutions protect themselves?

In order to limit the risk of becoming a victim, institutions in the financial sector should create a cybersecurity culture within their organisations that incorporates a zero trust approach (including things like multifactor authentication and least privilege access), staff training and cross-industry collaboration. In addition, network segmentation can reduce the impact of an attack should a hacker gain access and data backups on separate servers mean that operations can still continue even in the case of a ransomware attack.