Banks Show a Woeful Lack of Data Security

Written by

About 83% of consumers believe their banks are secure from cyber attack and trust it with their money and most sensitive data too, but their faith is misplaced.

A report from Capgemini found that just one in five banking executives (21%) are “highly confident” in their ability to detect a breach, let alone defend against it.

This perception gap is highlighted by the fact that one in four banks report they have been victim of a hack, yet just 3% of consumers believe their own bank has ever been breached.

The report also found that financial services institutions also are challenged to secure data: 71% of banks do not have a balanced security strategy nor strong data privacy practices, and less than half of banking and insurance companies (40%) have automated security intelligence capabilities to proactively detect sophisticated threats.

Yet overall, banks and insurers enjoy a significantly higher level of trust from consumers in the cybersecurity of their systems than any other sector—and most view trust in data privacy and security as an extremely significant factor when choosing their bank (65%). Perhaps because of that, the consequences of violating that trust could be severe. About three-quarters  of consumers would switch their bank or insurer in the event of a data breach

“Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief their provider can be 100% secure,” said Mike Turner, global cybersecurity COO at Capgemini. “While banks are evolving to combat the sophisticated threat cybercriminals pose, public understanding of the threats and challenges remains low.”    

Also worth discussing is the fact that GDPR will lead to a rude awakening for many: European legislation due to come into effect in 2018 will force any bank worldwide doing business in the EU to disclose data breaches within 72 hours or face large penalties, meaning successful attacks will become much more visible for consumers.

“When GDPR is introduced and all breaches are likely to be made public soon after they occur, many people will be in for a surprise,” said Zhiwei Jiang, global head of Financial Services, Insights & Data at Capgemini. “The introduction of GDPR legislation next year is a prime opportunity for business transformation for banks and insurers to become the digital fortresses consumers believe them to be.”

What’s hot on Infosecurity Magazine?