Data belonging to as many as 20.4 million people was compromised in cyber attacks on financial services firms in 2023, according to figures released by the Information Commissioners’ Office.

This marks a 143% increase from 8.4 million individuals affected in 2022.

Ben Marsh, class underwriter at Chaucer commented: “The main effort of cyber attacks on a pension fund or a bank is rarely the theft of assets held by the bank. More often, it is an attempt to steal personal data that can then be resold or held for extortion as part of a ransomware attack.”

“Financial services businesses will often hold huge amounts of data they collect as part of their client onboarding process such as debit and credit card numbers, passports, address information, and other ID documents. This data is highly valuable and is regularly traded on the dark web.”

“Financial services firms are also thought to be more susceptible to the blackmail element of ransomware attacks. If a financial services firm loses its reputation for data security, then it could rapidly lose clients and could impact shareholder trust."

---