Ransomware attacks continue to rise, but accidental data breaches remain a major cause of loss: Beazley

Ransomware attacks continued their rise in the first half of 2017, up by 50% over the first half of 2016, but accidental breaches continue to be a major problem and account for 30% of breaches overall, specialist insurer Beazley reported on Tuesday.

Beazley, which offers cyber and data breach response insurance, released its latest Beazley Breach Insights report on Aug. 1 based on client data in the first six months of 2017. The report found that hacking and malware attacks – of which ransomware attacks form a growing part – continue to be the leading cause of breaches, accounting for 32% of the 1,330 incidents that Beazley Breach Response (BBR) Services helped clients handle in the first half of the year.

However, accidental breaches caused by employee error or data breached while controlled by third party suppliers continue to be a major problem, accounting for 30% of breaches overall, only slightly behind the level of hacking and malware attacks. In the healthcare sector, these accidental breaches represent, by a significant margin, the most common cause of loss at 42% of incidents, Beazley noted in a statement.

“This continuing high level of accidental data breaches suggests that organizations are still failing to put in place the robust measures needed to safeguard client data and confidentiality,” the insurer suggested in the statement. “Since 2014, the number of accidental breaches reported to Beazley’s Breach Response team has shown no sign of diminishing. As more stringent regulatory environments become the norm, this failure to act puts organizations at greater risk of regulatory sanctions and financial penalties.”

Among financial services firms, unintended disclosure – sending bank account details or personal information to the incorrect recipient, for example – grew to 29% in H1 2017 from 25% in H1 2016, a level that has remained consistent since 2014. Hacks and malware were on a downward trend, representing 37% of breaches in H1 2017 compared to 46% of breaches in the first half of 2016.

In the higher education sector, unintended disclosures caused 26% of breaches in H1 2017. While slightly down on the 28% recorded in H1 2016, “this still represents a quarter of all breaches which could be mitigated through more effective controls and processes,” Beazley said in the statement. Hacks and malware accounted for nearly half of higher education data breaches in the first six months of 2017 (43%), roughly even with the 45% of breaches caused by hacking in the same period in 2016. Of these, 41% were due to phishing.

In healthcare, unintended disclosure such as misdirected faxes and emails or the improper release of discharge papers continued to drive the majority of healthcare losses. These breaches lead to 42% of industry breaches in the first half of 2017 – equal to the proportion of these breaches in the industry in H1 2016. Hacks and malware accounted for only 18% of healthcare data breaches in H1 2017 compared to 17% in 1H 2016.

At first glance, professional services firms appear to have greater internal controls in place, with unintended breaches accounting for 14% of all incidents, well below the average for the period in question. However, the trend is tracking adversely, up from 9% in H1 2016, the statement said. Firms in the sector were not immune to hacking and malware attacks, with these incidents accounting for 44% of breaches in the time period compared to 53% in H1 2016. Social engineering scams, including W2 fraud (wage and salary forms) and requests for fraudulent wire transfers, were a large driver of attacks at the beginning of 2017.

“Unintended breaches account for one-third of all data breach incidents reported to Beazley and show no signs of abating,” Katherine Keefe, global head of BBR Services, said in the statement. “They are a persistent threat and expose organizations to greater risks of regulatory sanctions and financial penalties. Yet, they can be much more easily controlled and mitigated than external threats. We urge organizations not to ignore this significant risk and to put more robust systems and procedures in place.”

During the first half of 2017, BBR Services, Beazley’s in-house team of breach response experts, managed 1,330 incidents on behalf of clients, compared to 955 incidents during the same period 2016. Since the launch of BBR in 2009, Beazley has helped clients handle more than 6,000 data breaches.