Banks Lack Confidence They Can Detect Data Breaches
Consumers are quite confident banks and insurers can keep their data safe, but these organisations aren’t that sure.
Just one in five (21 percent) of financial service organisations admitted they’re "highly confident" they could detect a data breach. On the other hand, 83 percent of consumers trust banks and insurers with their data.
A new report by Capgemini has shown that financial institutions lack a significant amount of confidence when it comes to data protection.
Looking at the UK specifically, the figures didn’t change much. More than four-fifths (82 percent) of consumers trust financial institutions. The institutions, however, severely lack confidence. Just 19 percent are confident they could spot a data breach.
Capgemini say the level of consumer trust may be down to organisations not reporting on incidents. Just three percent of consumers believe their bank suffered a data breach, while in reality, 26 percent actually suffered a data breach in the last year.
"We’ve seen a mixed performance from the UK, with clear progress being made in preparation for GDPR (General Data Protection Regulation), but a clear gap in perception on the security performance of the UK financial industry.
The General Data Protection Regulation is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).
The regulation was adopted on 27 April 2016. It enters into application 25 May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by national governments.
“It’s not surprising the UK is doing well when it comes to GDPR though, as existing mandates such as the data protection law, while not mandatory, encourage the UK financial industry to meet these requirements already," comments Kristofer le Sage de Fontenay, head of UK Financial Service practice at Capgemini Consulting.
"What the UK should worry about is the gap in perception of trust in financial institutions from the public versus the reality. Currently we’re seeing consumers placing a lot of faith in the financial services industry when it comes to protecting their data.
“This may be due to the lack of data breaches disclosed by the industry. However, as GDPR comes into effect, expect this trust to be tested when banks and insurers are forced to reveal breaches.
“The industry should be making it a priority to ensure they are putting in the right threat intelligent solutions to protect their customers’ data and proactively informing them when a breach occurs.
“UK consumers are more likely than most to switch to a competitor should a breach occur. This means the industry needs to get its houses in order now, before it’s too late."
The drivers behind the GDPR are twofold
Firstly, the EU wants to give people more control over how their personal data is used, bearing in mind that many companies like Facebook and Google swap access to people's data for use of their services.
The current legislation was enacted before the internet and cloud technology created new ways of exploiting data, and the GDPR seeks to address that. By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy.
Secondly, the EU wants to give businesses a simpler, clearer legal environment in which to operate, making data protection law identical throughout the single market (the EU estimates this will save businesses a collective €2.3 billion a year).
When will the GDPR apply?
The GDPR will apply in all EU member states from 25 May 2018. Because GDPR is a regulation, not a directive, the UK does not need to draw up new legislation - instead, it will apply automatically. While it came into force on 24 May 2016, after all parts of the EU agreed to the final text, businesses and organisations have until 25 May 2018 until the law actually applies to them.
Beta News: Wikipedia GDPR: ITPro:
EU General Data Protection Regulation Finally Passes:
UK Parliamentary Committee Wish To Penalise CEOs for Cyber Breaches (£):