Malware attacks most prevalent in financial and insurance services


Potential financial gain for cyber criminals makes businesses in the financial and insurance services sector a focus for malware attacks more than any other cyber incident, according to new research.

A report published by leading global advisory firm BDO, in conjunction with leading cyber emergency response team AusCERT, has revealed 20% of incidents experienced by respondents in the past financial year were malware attacks, compared to 16.7% for both ransomware and phishing attacks.

BDO National Leader for Cyber Security Leon Fouche said he was unsurprised by the high reporting of malware attacks on these types of businesses.

“Cyber criminals use malware to take control of a user’s computer system and perform fraudulent activities,” Mr Fouche said.

“Once they have access to someone’s private or financial account information the potential for financial gain, at the expense of an often unsuspecting victim, can be significant.

“But it’s not just the financial loss businesses need to be concerned about, the extensive reputational damage must also be considered.

“If organisations have to disclose they’ve been the victim of a cyber attack that has resulted in financial loss, there is significant reputational risk.”

Mr Fouche said what was equally alarming—particularly given the financial impact at play—was that a quarter of respondents in this sector stated they had not currently planned to report cyber security risk to the board or executives.

“Despite 51.6% of respondents in this sector currently reporting these risks to the board, it’s quite confronting when you see so many not even considering it in the future,” he said.

“It’s important the board and CEO continue to play an increasingly active role in the cyber security of their own business. After all, they are ultimately accountable for it.

“This is particularly important in this sector because data breaches will impact the reputation and financial stability of an organisation and it’s essential for boards and executives to be educated about the impact and likelihood of a cyber security incident, and what the organisation’s capabilities are to defend against it.”

Key Financial and Insurance statistics

Cyber security controls already or currently being adopted in the financial and insurance sector (% of respondents)

  • Patch management processes 64.5%
  • Privileged account management 74.2%
  • Email filtering system to block suspicious emails 93.5%
  • Regular cyber security risk assessments 54.8%
  • Cyber security awareness program 58.1%

Top three cyber security incidents experienced last financial year in the financial and insurance sector (% of respondents reported)

  • Malware/trojan infections 20%
  • Phishing/targeted malicious emails 16.7%
  • Ransomware 16.7%
