Canadian Underwriter

Lost or stolen devices account for one-quarter of breaches in U.S. financial services sector: study


September 1, 2016   by Canadian Underwriter



Lost or stolen devices accounted for one in four breaches in the financial services sector in the United States, according to a recent study from Bitglass, a total data protection company based in Campbell, Calif.

The Silicon Valley cloud access security broker firm said in its Financial Services Breach Report released last week that one in four (25.3% of) breaches “over the last several years” were due to lost or stolen devices, and nearly one in five (19.2%) were the result of hacking. Another 14.1% of leaks could be attributed to unintended disclosures, 13.1% to malicious insiders, 8.1% to lost paper records and 3% to payment card fraud, Bitglass noted in the report. A total of 17.2% of breaches were classified as “unknown.”

The report analyzed all breaches in the sector since 2006, with data aggregated from public databases and government-mandated disclosures. According to Bitglass, leaks nearly doubled between 2014 and 2015, from 45 to 87. Already in the first half of 2016, 37 breaches have been disclosed.

The largest banks in the United States have all suffered leaks at some point in the recent past, Bitglass noted in a statement. In the first half of 2016 alone, five of the nation’s top 20 banks disclosed breaches. Over 60 organizations suffered recurring breaches in the last decade, including most major banks. JPMorgan Chase, the nation’s largest bank, has suffered recurring breaches since 2007, the report noted. The largest breach event, the result of a cyberattack, was widely publicized in 2014 and affected an estimated 76 million U.S. households. Other breaches at JPMorgan were due to lost devices, unintended disclosures and payment card fraud.

The report referenced a Ponemon Institute study earlier this year that estimated the average cost per lost or stolen record in the U.S. at $221. “Financial services organizations face a much higher average cost per lost record – $264,” the report said. “With millions of customers, large banks are subject to material penalties as a result of a breach. For smaller regional banks with hundreds of thousands of customer records, the costs can be devastating.”

The problem with data breaches, according to Bitglass, is that the financial sector “struggles with data leakage in part because many such organizations rely on dinosaurs – security solutions that struggle to protect data outside the corporate network. Many of these breaches, far more common and costly than enterprises may realize, can easily be prevented with the appropriate controls in place.”

“Financial institutions are prime targets for hackers and are rightfully concerned about the threat of cyberattacks, device theft, and malicious insiders,” said Nat Kausik, CEO of Bitglass, in the release. “To stay one step ahead as data moves beyond the firewall, firms in this sector must encrypt cloud data at rest, control access by contextual risk, and protect data on unmanaged devices.”