15 Salient Financial Services Cybersecurity Statistics 2021

The need for financial services cybersecurity is clearly demonstrated by eye-opening financial services cybersecurity statistics and trends. Key cyberattack statistics in 2021 include:

1. Ransomware damage costs will rise to $20 billion by 2021 and a business will fall victim to a ransomware attack every 11 seconds at that time. (Cybersecurity Ventures)
2. The U.S. government allocated  a budget of $18.78 billion to cybersecurity for 2021. (Atlas VPN)
3. Cyberattacks on banks in 2020 and beyond will result in them losing $347 billion. Insurers will lose $305 billion and capital markets will lose $47 billion by 2024. (Accenture)
4. 86% of breaches in 2020 were financially motivated. (Verizon)
5. Cyberattacks on financial institutions in 2020 exposed an average of 352,771 sensitive files. (Varonis)
6. The average financial services employee has 11 million files available to them, while employees of large organizations can access 20 million files. (Varonis)
7. Cyberattacks demand more time to mitigate, including malware (89% more time), ransomware (30% more time), and phishing and social engineering attacks (22% more time). (Accenture)
8. 36 billion records were exposed by data breaches in the first half of 2020. (RiskBased Security)
9. Financial services cyberattacks in 2020 as a result of data breaches cost organizations an average of $3.86 million and took an average of 207 days to identify. (IBM)
10. Only 5% of corporate folders are securely protected. (Varonis)
11. The frequency of data breaches has increased by 67% since 2014. (Accenture)
12. Cyber crime results in a $2.9 million loss every minute. (RiskIQ)
13. 30% of all cyberattacks involve insider threats. (Verizon)
14. Cyber criminals launch cyberattacks every 39 seconds. (University of Maryland)
15. Because of the increasing number of cyberattacks on the financial sector, 70% of financial organizations rank cybersecurity as their biggest concern. (Conference of State Bank Supervisors)

Data breach statistics in 2021 show that financial services organizations are at considerable risk of cyber threats. This risk was proven by VMware Carbon Black threat data, which found that attacks targeted at the financial sector increased by 238% between February and April 2020. In particular, ransomware attacks on the financial industry increased ninefold and attempted wire fraud increased by 64% during this period.

The research also found that 80% of financial organizations reported an increase in the number of cyberattacks they faced. Even more concerningly, 82% said the attacks they faced had increased in sophistication over the previous 12 months.

The most common types of cyberattacks that financial services face include:

Many cyberattacks are highly organized, well-funded operations backed by foreign governments. These foreign entities typically target banks and stock exchanges to destabilize national security and threaten national economies. Others will hire hackers to attack other countries’ financial industries or spread fake news about financial markets to disrupt trade activity and volume.

Despite the increased regulatory compliance the financial services industry faces, many people feel there is not enough protection for consumers. As technology evolves rapidly, authorities need to ensure regulation keeps pace to protect banking organizations and their customers.

Account takeovers are one of the biggest threats facing financial services. This involves criminals gaining access to a customer’s bank account, then changing details to prevent access. These attacks typically occur through credential stuffing, which uses stolen password and username combinations to hack accounts, that can also be used to commit broader identity theft. 

Cyber criminals use cyberattacks to breach an organization’s defenses to steal data. They can then hold it to ransom, sell it for a profit, or share it on the dark web for other attackers to commit wider cyber crimes. Other malicious actors may manipulate data for financial gain or carry out more advanced attack vectors like distributed denial-of-service (DDoS) attacks.

Many security events are caused by human error, rather than intentional or malicious activity. A typical example of this is a bank employee opening a phishing email that automatically downloads a virus onto the organization’s network, leading to additional cybersecurity risks and wider attacks.

Ransomware is a form of malware that involves cyber criminals targeting devices and encrypting the data on them. This makes the computer or the data on it inaccessible, and the attacker demands a fee in return for unlocking the system. 

Phishing attacks involve cyber criminals spreading malware or malicious links through emails, text messages, and instant messaging services. Email-based phishing attacks typically involve a malicious link or attachment that either automatically downloads malware onto a device or takes the victim to a spoofed website, where the attacker can steal their data or login credentials.

Financial organizations are increasingly moving to the cloud and storing sensitive information in cloud data storage solutions. If such solutions are not secure or have vulnerabilities, attackers can exploit them to install malware and steal or delete data.  

Financial organizations also work with more third-party vendors to deliver services. This can increase the risk of an attack and widen the attack surface, especially if a vendor suffers a vulnerability that leads to the organization’s data being leaked or stolen.

New technologies increase the complexity of organizations' IT infrastructures. Cyber criminals are constantly discovering new attack methods and vulnerabilities, which help them exploit security gaps in increasingly complex technologies.