How Financial Organizations Can Stay Protected Against Financial Data Breaches

By Andrea Babbs, UK Managing Director of VIPRE

Email is a crucial function of business communication, and many organizations rely on it heavily. As the pandemic has brought a new world of remote and hybrid working, it is arguably more important than ever for keeping individuals and organizations connected, wherever they are. A staggering 333.2 billion emails are sent and received daily, so it is inevitable that typos will occur or that the wrong attachment will be sent to the wrong person. While such mistakes are innocent, their consequences can be far from it.

The consequences of sending the wrong email in the financial sector, in particular, could be dramatic, both in terms of a company’s reputation and legal penalties. In an industry that deals with sensitive and valuable information, it is essential that financial organizations prioritize the security of their confidential data, says Andrea Babbs, UK Managing Director, VIPRE.

At what price?

IBM’s latest Data Breach Report revealed that 2021 had the highest average data breach cost in seventeen years, rising from $3.86 million in 2020 to $4.24 million. Research indicates that cybercrime is more prevalent in the financial services sector than in any other. External and internal violations are equally dangerous, but human errors are almost twice as likely to result in the disclosure of data.

For example, if human errors occur in financial departments when sending internal emails, such as including the wrong people in the CC field or attaching the wrong document, it can lead to serious problems because it can be perceived as “insider trading”. If two departments work for two directly competing clients and accidentally share material nonpublic information about each other, it could give the team and/or the client an unfair advantage.

The size of the breach will determine the size of the cost. At a minimum, however, there will be penalties. Not only could there be a financial loss for the organization, but companies will have to pay for audits to understand what happened and what protocols need to be in place to prevent further attacks, as well as to compensate customers who were affected by the breach.

Moreover, the consequences of a data breach are far worse than just financial loss. Companies in the financial sector have reputations to maintain in order to retain loyal customers, especially in such a demanding and competitive market. Yet, failing to protect sensitive customer information can lead to negative press, which can, in turn, make existing and potential customers anxious about an organization. This can potentially cause them to take their business and money elsewhere.

Strategy Checklist

A multi-layered cybersecurity strategy is essential in any industry to mitigate cyber threats and secure sensitive information. However, within the financial sector, it is more important than ever because the stakes are much higher. When reviewing a cybersecurity strategy, three things should be considered:

  1. Encryption and Authentication: Security protocols are designed to prevent the majority of instances of unauthorized interception, email spoofing and content modification. When a hacker attempts to infiltrate a business, they may attempt to intercept emails through transport links or attack systems directly. Although encryption services do not protect businesses against human error, including them in your email security strategy will help protect businesses from hackers intercepting emails.
  2. Training and guidelines: It is essential that companies have strict security rules and guidelines in place regarding the movement and storage of sensitive financial information. These guidelines should also give clear direction on the steps employees must take in the event of a security incident.

Additionally, when employees first join an organization, they must participate in cybersecurity awareness training. However, this should be an ongoing program to ensure that all employees understand the role they play in keeping their organization safe. As part of this training, automated phishing simulations should be included to demonstrate how these threats can emerge so the user can identify and act on them. As a result of this training, key metrics and reports can be provided on how users are improving or where further training is needed.

By reinforcing key workplace safety messages, combined with simulated phishing attacks, ongoing training ensures individuals are able to identify potential attacks, while providing them with the skills to manage risk.

  3. DLP (Data Loss Prevention): It is crucial for businesses, especially financial firms, to deploy security measures for the detection and prevention of potential email threats, both internal and external. Humans play a key role in deciding what is safe to send and what is not, but DLP solutions can support this process by providing the necessary alerts. For example, colleagues exchanging confidential documents across different areas of the company means that CC fields are likely to have multiple recipients. An incorrect email address is likely to go unnoticed unless a tool is in place to flag the error to the user and offer them the opportunity to double-check the recipients and attachments. Giving staff this crucial second chance raises awareness and understanding of existing email threats, and provides that critical security step – before it’s too late.
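The pre-send check described above can be illustrated with a small outbound-mail rule engine. The code below is an added example written for this article; it is not VIPRE's product or any real DLP implementation. The organization domain, the approved counterparty domains, the sensitive-content patterns and the sample messages are all constructed for the demonstration. It flags three of the situations the text describes: a recipient domain that is a near-miss typo of a trusted domain, an unapproved external domain, and a message that carries sensitive content (a classification marker or an IBAN-like string) out of the organization or to more than one client at once.

```python
"""Outbound email DLP pre-send check (constructed example, not a product)."""
import re
from dataclasses import dataclass, field

ORG_DOMAIN = "example-bank.test"                     # assumed organization domain
APPROVED_EXTERNAL = {"alpha-capital.test", "beta-holdings.test"}  # assumed counterparties
TRUSTED = {ORG_DOMAIN} | APPROVED_EXTERNAL

# Constructed patterns standing in for a real content-classification engine.
SENSITIVE_PATTERNS = {
    "classification_marker": re.compile(r"\b(CONFIDENTIAL|MNPI)\b", re.IGNORECASE),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
}


@dataclass
class Attachment:
    name: str
    text: str  # already-extracted text; file parsing is out of scope here


@dataclass
class OutboundMail:
    sender: str
    to: list
    cc: list = field(default_factory=list)
    attachments: list = field(default_factory=list)


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(domain: str):
    """Return the trusted domain this one is a near-miss of, or None.
    Trusted domains themselves are never reported as look-alikes."""
    if domain in TRUSTED:
        return None
    for trusted in sorted(TRUSTED):
        if edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def sensitive_hits(mail: OutboundMail):
    """List (attachment name, pattern label) for every sensitive match."""
    hits = []
    for att in mail.attachments:
        for label, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(att.text):
                hits.append((att.name, label))
    return hits


def check_outbound(mail: OutboundMail):
    """Return a list of (code, detail) findings; an empty list means 'safe to send'."""
    findings = []
    recipients = [r.lower() for r in mail.to + mail.cc]
    external = {domain_of(r) for r in recipients if domain_of(r) != ORG_DOMAIN}

    for dom in sorted(external):
        near = lookalike_domain(dom)
        if near:
            findings.append(("TYPO_DOMAIN", f"'{dom}' looks like '{near}'"))
        elif dom not in APPROVED_EXTERNAL:
            findings.append(("UNAPPROVED_DOMAIN", f"'{dom}' is not an approved counterparty"))

    # Two competing clients on one message is the insider-trading scenario from the text.
    clients = sorted(external & APPROVED_EXTERNAL)
    if len(clients) > 1:
        findings.append(("MULTI_CLIENT", "message addressed to " + ", ".join(clients)))

    # Sensitive content only matters once the mail leaves the organization.
    if external:
        for name, label in sensitive_hits(mail):
            findings.append(("SENSITIVE_EXTERNAL", f"'{name}' contains {label}"))
    return findings


# Constructed sample messages.
DEAL_MEMO = OutboundMail("analyst@example-bank.test", to=["trader@alpha-capital.test"],
                         cc=["lead@example-bank.test"],
                         attachments=[Attachment("deal-memo.txt", "CONFIDENTIAL: MNPI on Project X")])
TWO_CLIENTS = OutboundMail("analyst@example-bank.test", to=["trader@alpha-capital.test"],
                           cc=["cfo@beta-holdings.test"])
TYPO = OutboundMail("analyst@example-bank.test", to=["trader@alpha-capitol.test"])
INTERNAL = OutboundMail("analyst@example-bank.test", to=["ops@example-bank.test"],
                        attachments=[Attachment("statement.txt", "IBAN GB29NWBK60161331926819")])

if __name__ == "__main__":
    for label, mail in [("deal memo", DEAL_MEMO), ("two clients", TWO_CLIENTS),
                        ("typo", TYPO), ("internal", INTERNAL)]:
        print(label, "->", check_outbound(mail) or "no findings")
```

The check is deliberately conservative in one direction only: sensitive content stays unreported while every recipient is inside the organization, so the tool interrupts the user only when the mail would actually cross the boundary. In practice the findings would be shown to the sender as a confirmation prompt rather than silently blocking, which is the "second chance" the text describes.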


Email will remain a critical communication platform, but it will also remain a high-risk tool for businesses and employees communicating both internally and externally. This is especially true for financial services organizations, which remain a prime target for attackers given the lure of personal information and financial transactions. Therefore, the financial industry must prioritize cybersecurity and invest in a layered approach, which must include security awareness training and data loss prevention tools, to minimize human error and provide the strongest possible defense in the modern security landscape.
