Technology company Akamai Technologies, Inc. has recently published a State of the Internet report focusing on cyberattacks against the financial services industry. The report, titled “The High Stakes of Innovation: Attack Trends in Financial Services,” reveals that the financial services sector is the third-most targeted industry in the Europe, Middle East, and Africa (EMEA) region. In the second quarter of 2023, there were approximately 1 billion web application and API attacks on financial services organizations, representing a significant 119% surge compared to the same period in 2022.
One notable finding from the report is that insurance is the most targeted sub-vertical within the financial services industry in the EMEA region. Around 54.5% of all web attacks were directed at insurance companies, indicating a 68% increase in attacks compared to the previous year. The attractiveness of insurance companies as targets for cybercriminals stems from the extensive amount of personally identifiable information they possess, which is more appealing than the predominantly financial data held by other financial services organizations.
The State of the Internet report also highlights that EMEA experiences the highest number of Distributed Denial-of-Service (DDoS) attack events globally, accounting for 63.5% of attacks. This figure is nearly double the number in North America, the second most targeted region at 32.6%. Among the EMEA countries, the United Kingdom leads with 29.2% of the DDoS attack events, closely followed by Germany at 15.1%. Akamai suggests that the increase in attack events in EMEA is primarily motivated by financial and political factors, specifically Russia’s ongoing conflict with Ukraine. The report posits that European banks affiliated with Ukraine are targeted due to their alliances, leading to a surge in attack events in the region.
Additional key findings from the report include the observation that DDoS attacks on financial services companies accounted for 1,466 out of the 2,590 attack events in EMEA between January 2022 and June 2023, representing a 40% year-over-year increase. EMEA also witnessed a higher number of DDoS attack events against the gambling, commerce, and manufacturing verticals compared to other regions combined. Moreover, financial services organizations in EMEA rely less on third-party scripts, with only 24% of their scripts coming from external sources, compared to 36% in other industries.
Richard Meeus, Akamai’s Director of Security Technology and Strategy in EMEA, emphasized the importance for financial services companies to align their security strategies with emerging laws and regulations. He acknowledged that as cybercriminals continue to target the industry, it is crucial for organizations operating in the highly regulated financial services sector to prioritize the security of their customers. Meeus believes that the insights provided in the report can equip the sector with the necessary tools to enhance their security posture.
In conclusion, Akamai’s State of the Internet report sheds light on the increasing prevalence of cyberattacks against the financial services industry in the EMEA region. The findings highlight the vulnerability of insurance companies due to the extensive personal information they hold and underline the significance of aligning security strategies with regulatory requirements. By recognizing these trends and implementing proactive security measures, financial services organizations can work towards safeguarding their customers and mitigating the risks posed by cyber threats.