Number of major cyber attacks against financial institutions spike and whistleblower reports are expected to rise as regulators tighten regulations

Cyberattacks in the financial sector have skyrocketed by all reliable data sources. According to VMware, U.S. financial institutions experienced a 238% increase in cyberattacks within the first six months of 2020 and the rate of such attacks has continued to increase through 2021 and into 2022. Financial institutions are being attacked by ransomeware groups, phishing, foreign nation state attackers, including those from Russia and CHina, and denial of service attackers. The Securities and Exchange Commission and other federal agencies have toughened and increased regulations now reuiring reporting of attacks within 72 hours to Homeland Security and development of more proficient internal controls and other security prevention mechanisms. The requirements include detection of cyberintrusions, mitigation and remediation of the intrusions, some of which start in one company and pass to their customers much as a virus performs in the human bodies. Investigation of the intrusions are required to be extensive and not limited to just stopping the intrusion but also examining its dept and breadth of penetration so that information theft can be stopped no matter how far the threat actor has reached.

Now employees within some of the companies are coming forward to report when companies hide intrusions or do not take them seriously enough to accomplish proper investigation and remediation. The Justice department has sued two giovernment contractors last year under the False Claims Act for cyber related deficiencies. Under the S.E.C. whistleblower program a whistleblower can receive between 10% to 30% of the money collected from successful cases. The agency rendered $130 million in 103 awards last year. To receive this award, the whistleblower must contribute substantially to the agency and present original information in detail about the intrusions and the company failure to report, investigate and or mitigate the events.

Jeffrey Newman is an attorney with the firm Newman & Shapiro and can be reached at Jnewman@NewmanShapiro.com or at 978-880-4758