The financial industry suffered the most data breaches in 2023—including a single attack that affected nearly 1,000 institutions

After relinquishing the top spot in 2022, the financial sector was once again the industry that suffered the most data breaches last year, according to a report by Kroll, the financial and risk advisory firm.

Kroll’s 2024 Data Breach Outlook report also shows that social engineering attacks, such as phishing scams, are on the rise.

“The financial sector is an attractive target for cyber criminals not only for the immediate financial gain but also due to the wealth of sensitive customer information it holds,” reads the report, which was published Feb. 7 and covers 10 separate industries. 

The report explains that a key threat, besides direct attacks on an organization, is potential third-party risk at various points in supply chains or among organizations that use outsourcing.

The most high-profile of the attacks cited in Kroll’s report, one that pushed the financial sector back into the top spot, was the CL0P ransomware attack on the data transfer platform MOVEit, from Progress Software.

On May 27, CL0P, a Russian ransomware gang, injected instructions into the MOVEit code that then allowed them to steal data from transfers made using MOVEit. By June, Progress Software disclosed that the firm had discovered five more such cyber attacks, also known as SQL injection vulnerabilities.

Financial institutions that had used MOVEit’s services then realized that some of their clients had been compromised after CL0P created a victim-shaming site.

“This type of activity and its impact underscores the fragility of organizational interdependence and the extent of third-party risk,” reads the report, authored by David White, global head of breach notification at Kroll.

In sum, almost 1,000 institutions—both in the public and private sector—were affected by the CL0P-MOVEit attack, including major firms like Deloitte, Ernst & Young, Deutsche Bank, and several U.S. agencies.

“The MOVEit vulnerability was a perfect example of the ripple effect one attack can have on an ecosystem of connected companies,” the report reads. “Indeed, third-party risk is now presenting as a key area of concern due to shifting threat actor behaviors and priorities.”

The health care sector, which ranked first in 2022, ranked second last year, with third place belonging to professional services, which includes social engineering attacks such as phishing scams where victims are tricked into providing sensitive information. The most commonly seen scam, the report notes, involved bogus business emails that looked authentic.

“As part of the rise in social engineering, business email compromise continued to grow steadily in popularity, with both established and newer threat actor groups using a range of tactics to access data and in some cases, ransom the information,” reads the latest Threat Landscape report, also from Kroll.
