660 financial firms hit by cyber attacks in 2023
The Information Commissioner’s Office (ICO), the data regulator, says financial firms were the most targeted by cyber attackers in 2023.
The ICO is urging organisations to boost their cyber security this year and protect customers' personal information due to the growing threat of cyber attacks.
Finance has become the most targeted sector, the ICO warned.
Over 3,000 cyber breaches were reported to the ICO in 2023, with the finance (22%), retail (18%) and education (11%) sectors reporting the most incidents.
Based on ICO data, about 660 financial firms were hit by cyber attacks in 2023.
The ICO’s own trend data reveals that more organisations than ever are experiencing cyber security breaches, putting people’s personal information at risk.
In a new report published today, the ICO has analysed the data breach reports it receives.
In one example, a hacker was able to penetrate a retailer’s defences and install malware on over 5,000 payment terminals, potentially enabling them to ‘harvest’ customers’ card details when they paid.
On another occasion, a simple phishing email to a construction company compromised the personal information of over 100,000 people.
The “Learning from the mistakes of others” report offers advice to help organisations understand common security failures and take steps to improve their own security.
Stephen Bonner, deputy commissioner for regulatory supervision at the ICO, said: “While cyber attacks are growing more sophisticated, we find that many organisations are not responding accordingly and are still neglecting the very foundations of cyber security.
“As the data protection regulator, we want to support and empower organisations to get this right. While there is no single solution to prevent cyber attacks, there is absolutely no excuse for not having the foundational controls in place.
“These are essential to protecting people’s personal information and we will take action, including fines, against organisations that are still not taking simple steps to secure their systems.”
The report focuses on five leading causes of cyber security breaches:
- Phishing – where scam messages trick users into sharing passwords or accidentally downloading malware.
- Brute force attacks – where criminals use trial and error to guess username and password combinations, or encryption keys.
- Denial of service – where criminals aim to stop the normal functioning of a website or computer network by overloading it.
- Errors – where security settings are misconfigured, including being poorly implemented, not maintained and/or left on default settings.
- Supply chain attacks – where products, services or technology that organisations use are compromised and then used to infiltrate their own systems.
The ICO said that organisations experiencing a data breach as a result of a cyber attack should report it to the ICO within 72 hours of becoming aware of it.