Data breach victims almost double in UK, says Chaucer
Cyberattacks in the UK last year breached the financial data of 53 million individuals, according to global specialty insurer and reinsurer Chaucer. In the year to September 2023, Chaucer recorded a 90% jump in compromised financial data of individuals on the previous year.
It also tracked a 12% increase in the number of data breaches involving the loss of financial data to 1,536 in the year to March 2023, based on disclosures to their regulator by UK companies that suffered a cyberattack.
Chaucer said the number of financial data items compromised by cyberattacks is rising despite an increasing awareness of the risks and investments in prevention.
Ben Marsh, deputy class underwriter at Chaucer, said: “The sheer number of items of sensitive data being compromised in attacks is very concerning – especially since the maturity of corporate cybersecurity defences has dramatically improved in the last three years.”
“Even with all these improvements, the cyber threat continues to evolve at a rapid pace, and malicious actors continue to have the upper hand – the theft of such huge amounts of sensitive data is a reflection of this.”
Marsh said protocols, including multi-factor authentication and endpoint detection and response tools, are near prerequisites for companies wanting to secure cyber insurance.
“These also have to be tested and proven, with leadership and response teams completing virtual war games to test and adjust incident response plans. In addition, staff education now is increasing too as more and more companies throw simulated phishing campaigns at their employee inboxes,” Marsh said.
She said ransomware attacks target firms with the most sensitive data, but added that these companies are often unaware of how much of that data is under their control and at risk of breach. This could give rise to regulatory action or even class actions if companies are found to have poor controls over personal, health or other sensitive data, said Marsh.
“A lot of organisations still do not know the true extent of what data resides on their system nor do they employ the principles of least privilege. This makes them much more vulnerable to attack,” Marsh said. “Sensitive information such as passports, health information, financial transaction details, are prime targets for extortion through ransomware. This information needs to be secure and accessible only to those who need it, to help minimise a client’s risk.”
Marsh added that the continuing rise in ransomware attacks is being driven by new malware tools, which help cyberattackers become more organised and sophisticated.
The UK's Information Commissioner’s Office (ICO) recorded a 178% surge in successful cyberattacks against financial services companies in the year to June 2023.