Cyberattacks on Insurers & Banks: A 2023 Study Reveals Widespread Threats & How to Protect Your Data
When you share your personal data with an insurance company or bank, you trust them to keep it safe. But what if that trust is being tested every single day? A new, eye-opening study reveals that successful cyberattacks on financial service providers and insurers are not the exception—they are the rule. Conducted by the ethical hacking platform YesWeHack, the research surveyed 208 companies across Germany, Austria, and Switzerland. The findings are stark: a mere 7% of firms reported no successful cyberattacks in the past 12 months. For you, the customer, this underscores a critical reality: understanding cybersecurity risks is now as important as understanding your insurance policy details. This article breaks down the threats and explains what they mean for the security of your personal information, financial data, and overall identity protection.
The Alarming Statistics: How Widespread Are the Attacks?
The study paints a clear picture of an industry under constant siege. The question is no longer *if* an institution will be attacked, but *how often* and *how severely*.
- 76% of companies experienced between 1 and 20 successful attacks.
- 11% faced 21 to 50 attacks.
- 4% endured over 50 successful breaches.
Company size plays a significant role. While 17% of firms with revenue under €1 billion reported more than ten attacks, that number skyrockets to 46% for corporations with revenue over €10 billion. Larger organizations are bigger targets with more complex systems, creating more potential entry points for hackers.
Top 5 Cyberattack Methods Targeting Your Financial Data
Hackers have moved beyond simple tactics. They now employ sophisticated methods designed to exploit business processes and human behavior. Here are the top five attack vectors identified in the study, explained in terms of the risk they pose to your data.
| Attack Type | % of Companies Affected | How It Works & Risk to You |
|---|---|---|
| 1. Business Process Compromise (BPC) | 53% | Hackers find logic flaws in a company's automated workflows (e.g., claims processing, fund transfers). This could lead to fraudulent transactions or manipulated policies affecting your accounts. |
| 2. Credential Theft (Phishing) | 51% | You receive a fake email or SMS pretending to be from your bank or insurer, tricking you into revealing login details. This gives hackers direct access to your accounts. |
| 3. Ransomware & Malware | Not specified (Rank 3) | Malicious software locks or encrypts a company's systems/data. While the company is the direct target, your claim processing or policy services could be severely disrupted. |
| 4. Insider Threats | 38% | Former employees or partners use their insider knowledge to facilitate data theft. Your personal information could be sold on the dark web. |
| 5. Database Attacks (e.g., Brute Force) | 37% | Hackers use automated tools to guess passwords and breach databases. Weak or reused passwords on your end can increase this risk. |
What Are Companies Doing to Protect Your Data?
Despite the high attack rate, the study found that the financial sector is generally proactive about defense. Regulatory frameworks like BAIT (Bankaufsichtliche Anforderungen an die IT) mandate regular security assessments. Most companies employ a mix of strategies:
- 71% use one-time penetration tests by external experts.
- 60% conduct internal security audits.
- 39% participate in ongoing bug bounty programs, paying ethical hackers to find vulnerabilities before criminals do.
This multi-layered approach is crucial. As Phil Leatham from YesWeHack notes, "As companies grow, the number and complexity of processes increase exponentially, which presumably leads to more vulnerabilities."
How You Can Protect Yourself: A Customer's Cybersecurity Checklist
While institutions must fortify their defenses, you also have a role to play in protecting your data. Here are actionable steps you can take:
- Enable Multi-Factor Authentication (MFA): Always turn on MFA for your online banking and insurance portals. This adds a critical second layer of security beyond your password.
- Be Phishing-Aware: Never click links or download attachments from unsolicited emails or texts, even if they appear to be from your insurer. Contact the company directly through their official website or app.
- Use Strong, Unique Passwords: Employ a password manager to create and store complex passwords for every financial account. Avoid reusing passwords.
- Monitor Your Accounts: Regularly review bank statements and insurance policy details for any unauthorized activity. Consider signing up for credit monitoring services.
- Ask About Cyber Insurance: Inquire if your homeowners insurance or a separate cyber insurance policy offers protection for personal identity theft or financial fraud. This is becoming an essential component of personal risk management.
The digital landscape is evolving, and so are the threats. By understanding the risks and taking proactive steps, both companies and customers can build a more resilient financial ecosystem. Your data's security depends on a partnership between robust institutional defenses and informed, vigilant personal habits.
