A cyber security expert has warned that the potential financial gain for cyber criminals who manage to compromise businesses in the financial and insurance services sector is the most likely cause of a rise in malware attacks observed in recent times.A report published this month by global advisory firm BDO, in conjunction with cyber emergency response team AusCERT, has revealed 20 per cent of cyber-crime incidents experienced by respondents in the past financial year were malware attacks, compared to 16.7 per cent for both ransomware and phishing attacks.BDO's national leader for cyber security, Leon Fouche, said he was unsurprised by the high reporting of malware attacks on these types of businesses."Cyber criminals use malware to take control of a user's computer system and perform fraudulent activities," Fouche said.He noted that cybercrime had taken a more subtle turn in recent years. "The banking sector, especially the big banks, have invested a lot of money into cyber security. So what we are seeing are cyber criminals moving on to other sectors such as healthcare, education, professional services and listed retail companies," Fouche said."Those sectors are being targeted because they have a lot of personal information which the criminals are then using to create credentials that will give them access to those same bank accounts that they were unable to access directly."Fouche said there are instances where phishing and similar scams were being tried against smaller financial institutions in particular. "That says to me the banking sector, and especially the smaller financial services organisations, like credit unions, need to make their staff aware of the dangers of external access of data through a third party that has been compromised."In Australia, mandatory data breach reporting rules are on the way, which will mean that, instead of the average 240 days it currently takes companies to steel themselves to report a breach, they will be required to do so within 30 days.Fouche noted that, looking globally, no data breaches at all were reported externally ten years ago. "In the current environment, where data breach reporting is mandatory, up to 80 per cent of breaches are reported externally," he said. It will become increasingly difficult to suppress data breaches - actual or suspected - and in any case, there will be a legal imperative to act within 30 days. "Importantly, external advisers as well as shareholders and internal users will all have access to far more information on data breaches and the degree of preparation each bank has undertaken - certainly this will become a point of difference," Fouche said.