Ransomware attacks double in 2017 and accidental data loss remains a concern: Beazley
Ransomware attacks more than doubled in the first half of 2017 compared to the same period of 2016, while accidental or unintended data breaches accounted for nearly a third of incidents, according to latest figures from Beazley.
Reporting data breaches suffered by client in the first half of this year, Beazley explained that ransomware accounted for more than 125 incidents in H1, a jump of more than 50%. Hacking and malware attacks, including growing use of ransomware, continue to be the leading cause of breaches, accounting for 32% of the 1,330 incidents handled by Beazley Breach Response Services in the first half of 2017.
However, accidental breaches caused by employee error or data breached while controlled by third-party suppliers continues to be a major problem, accounting for 30% of breaches overall.
Beazley said the continued “high level” of accidental data breaches suggests that organisations are “still failing to put in place the robust measures needed to safeguard client data and confidentiality”.
Since 2014, the number of accidental breaches reported to Beazley’s team has shown no sign of diminishing. “As more stringent regulatory environments become the norm, this failure to act puts organisations at greater risk of regulatory sanctions and financial penalties,” said Beazley.
Katherine Keefe, global head of Beazley Breach Response Services, said: “Unintended breaches account for one third of all data breach incidents reported to Beazley and show no signs of abating. They are a persistent threat and expose organisations to greater risks of regulatory sanctions and financial penalties. Yet, they can be much more easily controlled and mitigated than external threats. We urge organisations not to ignore this significant risk and to put more robust systems and procedures in place.”
Unintended data disclosure – such as misdirected faxes and emails, or the improper release of discharge papers – continued to drive most healthcare losses. They caused 42% of healthcare industry data breaches in the first half of 2017. Hacks and malware accounted for only 18% of healthcare data breaches in H1, compared to 17% during the same period of 2016.
Accidental disclosures caused 26% of data breaches in the higher education sector in H1 2017. Hacks and malware accounted for nearly half of higher education data breaches during the first six months of 2017 (43%), of which 41% were due to phishing.
Unintended disclosure among financial services firms – such as sending bank account details or personal information to the incorrect recipient – grew to 29% in H1 2017, up from 25% in the same period of last year. Hacks and malware were on a downward trend, representing 37% of breaches compared to 46% last year.
Beazley noted that professional services firms appear to have greater internal data controls in place, with unintended breaches accounting for 14% of all incidents in that sector. This is well below the average, but is trending upwards from the 9% recorded in H1 2016. Hacking and malware attacks accounted for 44% of breaches at professional services firms in H1, compared to 53% during the same period last year.