Data breaches have become a common fact of life over the past few years with regular news reports about incidents at big retailers, banks and other well-known companies.
Most people only hear about the largest breaches; however, companies across all industries and sizes continue to face persistent threats to their data from hackers and malware.
There has been a sharp increase in hacking and malware attacks on financial institutions in the first six months of 2016, particularly those aimed at small banks and credit unions, according to a recent report from Beazley Breach Response (BBR) Services on data breaches in the first half of 2016. In 2015, hacking and malware attacks accounted for 27 percent of financial institution breaches handled by Beazley; in the first half of this year, that rose to 43 percent.
During the first half of 2016, the BBR Services division managed 955 data breaches on behalf of clients, compared to 611 breaches during the same period last year. After healthcare, financial institutions, particularly those with annual revenues below $35 million, experienced the highest levels of breaches.
Have a plan in place
The level of hacks in the healthcare, higher education and retail sectors was consistent compared to 2015. The prevalence of hacking across all industries is a reminder that all firms should have a plan in place to respond if they suffer a data breach.
Cyber insurance is an important part of a comprehensive plan that provides organizations with the resources and expert advice they need to act quickly when an incident occurs.
A growing understanding of the threat posed by hackers has prompted most larger financial services firms to put more resources toward data breach prevention and detection.
Hackers have responded to the stronger defenses at larger firms by increasingly focusing on smaller and softer targets.
Although hacking attempts aimed at financial institutions increased overall in the first half of 2016, smaller firms faced the majority of these attacks.
Banks and credit unions with less than $35 million in annual revenue accounted for 81 percent of hacking and malware breaches at financial institutions in 2016, a major increase over the 54 percent of incidents they represented in 2015.
Need to act quickly
It's important that smaller financial institutions have the protection and resources available to act quickly when an attack occurs to protect their customers' financial information.
The use of malware to lock up an organization's files until a ransom is paid, known as "ransomware," has emerged as an increasingly prevalent tool for hackers over the last three years.
The number of ransomware breaches Beazley handled in the first half of 2016 was twice the number observed in all of 2015. These attacks are on pace to quadruple in 2016 compared to 2015.
Hacking and malware remain a persistent threat for organizations in all industries. Across all the industries in Beazley's portfolio, the proportion of data breaches deriving from hacking and malware attacks in the first six months of this year stood at 31 percent, in line with the proportion of incidents observed in 2015 (32 percent).
Higher education and retailers still targets
In addition to financial institutions, higher education and retail organizations continue to suffer from a higher than average level of hacking attacks.
- Higher education institutions continued to see a high proportion of breaches due to hacking or malware, which accounted for 46 percent of breaches in the first half of 2015, up from 35 percent in 2015.
- Within healthcare organizations, breaches caused by unintended disclosure represented 42 percent of all industry incidents in 2016 to date, a sharp rise from 30 percent in 2015. This is driven by the large amount of information shared between organizations in the industry. 17 percent of healthcare breaches were caused by hacking or malware in 2016, down from 27 percent in 2015.
- Retail industry breaches caused by hacking and malware remained high, accounting for 49 percent of all retail data breaches in 2016 compared to 55 percent in 2015.
Brokers and insurers can help businesses and other organizations by keeping them aware of their data breach exposures and working with them to develop appropriate risk management solutions. Preventative measures are unlikely to be completely successful, and it's important that companies know what to do after data breaches impact them.
Five steps to protecting data
Attacks often succeed by exploiting misconfigured systems or human error, such as employees being lured into responding to phishing emails.
Here are five steps organizations can take to help protect their data:
- Train employees to be aware of the kind of information they need to protect — personally identifiable information (PII) and protected health information (PHI) — and to avoid falling for phishing attacks and other forms of social engineering.
- Develop a robust incident response plan. Data breaches cannot be handled well on the fly. Advance planning can help avert serious reputational or financial harm. A well-thought-out and practiced incident response plan should guide management through the life cycle of a breach – from the initial suspicion that something is amiss to full-blown forensic analysis, legal advice, customer communications and PR assistance.
- Categorize potential data risks by threat level. Over-reacting to a breach can be as damaging as under-reacting.
- Review supplier contracts carefully to ensure that your customers' data is well protected when it is in the hands of suppliers or vendors.
- Encrypt data, particularly on mobile devices, laptops, and thumb drives, which are most likely to be lost.
Paul Nikhinson is Privacy Breach Response Services Manager for Beazley's Breach Response Services unit. He can be reached at 415-317-7893 or by email at Paul.Nikhinson@beazley.com.