According to a Freedom of Information request carried out by law firm RPC, banks, insurers and other financial companies reported 140 data breaches to the the Information Commissioner's Office in the year to the end of March, up from 114 the previous year.
In 2013-14 there were 76 data thefts reported, but that had almost doubled by 2014-15.
The only sector which saw a reduction during 2015-16 was banks, with the number of reported data breaches down 45%, although with many breaches still going unreported the total number across the whole industry is likely to be much higher.
The number of reported data breaches is expected to jump sharply next May when the EU General Data Protection Regulation comes into force, as breaches will have to be reported to the ICO within 72 hours.
RPC legal director Philip Tansley said: “There’s a lot more cyber crime out there, and the companies that aren’t ready for it are getting hit more. Large, sophisticated organisations are getting more difficult to hack, but they also understand more about when they should notify the ICO.”
Last week, City watchdog the Prudential Regulation Authority urged insurers to conduct stress tests to measure the potential damage that a cyber attack could cause. It also called for board level oversight of cyber exposure.
Meanwhile, the ICO recently called on the cyber insurance industry to share annoymised data on cyber breaches to allow the sector to get a clearer picture of how the issue is affecting UK businesses.