Connect with us

FINANCE

Revealed: Banking and finance businesses failing to report data breaches

The real extent of the banking and finance sector’s problem with data breaches has been revealed by a survey which suggests 2 in 5 IT workers in the industry are keeping them quiet.

Johnstone . R

Johnstone . R

Data breaches have hit the news already in 2017 with high profile cases such as mobile phone company Three – where an employee’s password was stolen in March and the data of 200,000 customers compromised.

Then in April, cybercriminals seized 250,000 customer records at Wonga – including bank account details.

However, it seems these stories may be only the tip of the iceberg.

The Crown Records Management Survey, undertaken by Censuswide, polled 408 IT decision makers in companies of between 100 and 1,000 employees across the country.

It provided some shocking results which suggest many of the sector’s data breaches are going unreported.

The most hard-hitting statistics in the banking and finance sector include:

  • 43 per cent know someone in their company who has not reported a data breach – the highest percentage amongst all the sectors surveyed.
  • 40 per cent have delayed reporting a data breach to senior management or the appropriate authorities – again, the highest figure amongst those surveyed.
  • 41 per cent have chosen not to report a breach to senior management or the appropriate authorities.
  • 30 per cent know someone in their previous company who has not reported a data breach.

There was a slight silver lining however, with just 8 per cent of those in banking and finance unsure who to report a data breach to, and only 4 per cent unsure what constitutes a data breach. For comparison 11 per cent of those polled overall were unsure who to report a data breach to, and 8 per cent were unsure what constituted a data breach.

“Some of these statistics really are shocking and suggest that data breaches may be far more common and more widespread than many people realise, even in industries such as banking, which handles large quantities of sensitive customer data.” said Dominic Johnstone, Head of Information Management at Crown Records Management.

“There appears to be a culture inside many companies that the best response to a breach is to ignore it or keep it quiet.

“Perhaps this comes from a fear of the loss of reputation which can be experienced when breaches are publicised. Or perhaps it is simply down to lack of a clear procedures and information management in the business. Either way, the implications are serious.”

New legislation, such as the UK Data Bill and the forthcoming EU General Data Protection Regulation, due to come into force in May 2018, include measures to tackle data breaches.

The latter will bring in huge fines for businesses which suffer breaches as a result of poor compliance. It also sets a strict timeframe for the reporting of breaches – with fines for those who do not meet them.

“It is absolutely vital that businesses tackle this culture of secrecy because in future unprotected data loss will simply not be acceptable,” Johnstone said. “In fact, it shouldn’t be acceptable now.

“Having a clear data protection and information management programme in place is vital for businesses to avoid these kind of problems. It should be very clear who is responsible for reporting breaches and who they should be reported to.

“Until businesses grasp how much a breach can cost them – both financially and in terms of reputation – this problem is not going to go away.”

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Recent Posts