Hacking and malware attacks, including ransomware attacks, continue to be the leading cause of breaches, accounting for 32 percent of the 1,330 incidents that insurer Beazley’s in-house Breach Response Services helped clients handle in the first half of the year.
However, accidental breaches caused by employee error or data breached while controlled by third-party suppliers continue to be a major problem, accounting for 30 percent of breaches overall, only slightly behind the level of hacking and malware attacks, according to insurer Beazley’s Breach Insights findings based on its U.S. client data in the first six months of 2017.
In the healthcare sector these accidental breaches represent, by a significant margin, the most common cause of loss at 42 percent of incidents.
According to Katherine Keefe, global head of BBR Services, the continuing high level of unintended breaches shows no signs of abating and suggests that organizations are still failing to implement measures needed to safeguard client data and confidentiality.
“They are a persistent threat and expose organizations to greater risks of regulatory sanctions and financial penalties,” said Keefe. “Yet they can be much more easily controlled and mitigated than external threats. We urge organizations not to ignore this significant risk and to put more robust systems and procedures in place.”
In June, the BBR Services team worked with insured clients to provide legal and forensics services in response to the international NotPetya ransomware attacks.
Ransomware attacks continued their rise in the first half of 2017, up by 50 percent over the first half of 2016.
During the first half of 2017, Beazley Breach Response Services managed 1,330 incidents on behalf of clients, compared to 955 incidents during the same period in 2016.
Beazley’s 2017 Data Breach Trends
Unintended disclosure – sending bank account details or personal information to the incorrect recipient – grew to 29 percent in H1 2017 from 25 percent in H1 2016, a level that has remained consistent since 2014. Hacks and malware were on a downward trend, representing 37 percent of breaches in 1H 2017 compared to 46 percent of breaches in H1 2016.
At first glance, professional services firms appear to have greater internal controls in place with unintended breaches accounting for 14 percent of all incidents, well below the average for the period in question. However, the trend is tracking adversely, up from 9 percent in H1 2016. Firms in the sector were not immune to hacking and malware attacks, with these incidents accounting for 44 percent of breaches in the time period compared to 53 percent in 1H 2016. Social engineering scams, including IRS form W2 fraud and requests for fraudulent wire transfers, were a major driver of attacks at the beginning of 2017.
Unintended disclosures caused 26 percent of breaches in 1H 2017 in the higher education sector. While slightly down on the 28 percent recorded in 1H 2016, this still represents a quarter of all breaches that could be mitigated through more effective controls and processes. Hacks and malware accounted for nearly half of higher education data breaches in the first six months of 2017 (43 percent), roughly even with the 45 percent of breaches caused by hacking in the same period in 2016. Of these, 41 percent were due to phishing.
Mistakes in Healthcare
Unintended disclosure – such as misdirected faxes and emails or the improper release of discharge papers – continued to drive the majority of healthcare losses, leading to 42 percent of industry breaches in 1H 2017, equal to the proportion of these breaches in the industry in 1H 2016. Hacks and malware accounted for only 18 percent of healthcare data breaches in 1H 2017, compared to 17 percent in 1H 2016.