Banks Lack Confidence They Can Detect Data Breaches

Consumers are quite confident banks and insurers can keep their data safe, but these organisations aren’t that sure.

Just one in five (21 percent) of financial service organisations admitted they’re "highly confident" they could detect a data breach. On the other hand, 83 percent of consumers trust banks and insurers with their data.

A new report by Capgemini has shown that financial institutions lack a significant amount of confidence when it comes to data protection.

Looking at the UK specifically, the figures didn’t change much. More than four-fifths (82 percent) of consumers trust financial institutions. The institutions, however, severely lack confidence. Just 19 percent are confident they could spot a data breach.

Capgemini say the level of consumer trust may be down to organisations not reporting on incidents. Just three percent of consumers believe their bank suffered a data breach, while in reality, 26 percent actually suffered a data breach in the last year.

"We’ve seen a mixed performance from the UK, with clear progress being made in preparation for GDPR (General Data Protection Regulation), but a clear gap in perception on the security performance of the UK financial industry.

The General Data Protection Regulation is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).

The regulation was adopted on 27 April 2016. It enters into application 25 May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by national governments.

“It’s not surprising the UK is doing well when it comes to GDPR though, as existing mandates such as the data protection law, while not mandatory, encourage the UK financial industry to meet these requirements already," comments Kristofer le Sage de Fontenay, head of UK Financial Service practice at Capgemini Consulting.

"What the UK should worry about is the gap in perception of trust in financial institutions from the public versus the reality. Currently we’re seeing consumers placing a lot of faith in the financial services industry when it comes to protecting their data.

“This may be due to the lack of data breaches disclosed by the industry. However, as GDPR comes into effect, expect this trust to be tested when banks and insurers are forced to reveal breaches.

“The industry should be making it a priority to ensure they are putting in the right threat intelligent solutions to protect their customers’ data and proactively informing them when a breach occurs.

“UK consumers are more likely than most to switch to a competitor should a breach occur. This means the industry needs to get its houses in order now, before it’s too late."

The drivers behind the GDPR are twofold

Firstly, the EU wants to give people more control over how their personal data is used, bearing in mind that many companies like Facebook and Google swap access to people's data for use of their services.

The current legislation was enacted before the internet and cloud technology created new ways of exploiting data, and the GDPR seeks to address that. By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy.

Secondly, the EU wants to give businesses a simpler, clearer legal environment in which to operate, making data protection law identical throughout the single market (the EU estimates this will save businesses a collective €2.3 billion a year).

When will the GDPR apply?

The GDPR will apply in all EU member states from 25 May 2018. Because GDPR is a regulation, not a directive, the UK does not need to draw up new legislation - instead, it will apply automatically. While it came into force on 24 May 2016, after all parts of the EU agreed to the final text, businesses and organisations have until 25 May 2018 until the law actually applies to them.

Beta News:    Wikipedia GDPR:    ITPro:

EU General Data Protection Regulation Finally Passes:

UK Parliamentary Committee Wish To Penalise CEOs for Cyber Breaches (£):

 

« Norway Says Cyber Attacks Came From Russia
Is It Possible To Neutralise Fake News? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CyTech Services

CyTech Services

CyTech provides unique services and solutions complemented with professional subject matter experts to both the Federal and Commercial sectors.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

Zivver

Zivver

Zivver is the effortless, secure email platform, powering the next generation of secure communications.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

Flexera

Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.

SIGA

SIGA

SIGA provides cyber security solutions for Industrial Control Systems SCADA systems used in critical infrastructures and industrial processes.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (formerly iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

CTERA Networks

CTERA Networks

CTERA provides cloud storage solutions that enable service providers and enterprises to launch managed storage, backup, file sharing and mobile collaboration services using a single platform.

Scantist

Scantist

Scantist is a cyber-security spin-off from Nanyang Technological University (Singapore) which leverages its expertise to provide vulnerability management solutions to enterprise clients.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

MISP Project

MISP Project

The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators.

Maritime Cyber Threats Research Group - University of Plymouth

Maritime Cyber Threats Research Group - University of Plymouth

The Maritime Cyber Threats research group of the University of Plymouth is focused on investigating marine cyber threats and researching solutions.

ClearVector

ClearVector

ClearVector is a leading provider of realtime, identity-driven security for the cloud.

Piiano

Piiano

Piiano offers developer-friendly privacy and security products. Reduce risk and protect your data by using our specialized security and privacy SaaS tools.

METCLOUD

METCLOUD

METCLOUD is driving a cloud evolution. A cloud that promises relentless cybersecurity, performance, resilience and sustainability.