Only 20% Of UK Banks Can Properly Detect Breaches

Uploaded on 2017-02-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Only one bank in five is highly confident in its ability to detect a data breach, with 50% of financial institutions having inadequate data security frameworks or privacy policies in place, research suggests.

Consultancy Capgemini surveyed 7,600 consumers and 183 senior security and privacy professionals from global banking and insurance firms in eight countries, including the UK, for its Currency of Trust report.

It found that the UK’s financial services organisations lag slightly behind the global average when it comes to confidence in their ability to detect a data breach, 19% vs 21%, although the country’s slightly ahead of the curve when it comes to having fully-automated cyber threat intelligence, 45% vs 40%.

When it comes to preparedness for GDPR, the upcoming EU-wide law that governs what penalties organisations will face for a data breach - the UK is also happily ahead of the game. Worldwide, only 32% of financial institutions consider themselves ready for the legislation, but in the UK that rises to 41%.

The UK also fares better than average when it comes to preventative measures, with only 31% taking three months to a year to patch and manage vulnerabilities, compared to a global average of 49%.

However, in some other areas UK financial institutions aren’t quite so virtuous. A total 83% of banks and insurance firms here retain customer data after they leave, compared to 78% globally. And, while more UK organisations update data consent clauses after a privacy policy is changed than the global average, at 26% it’s still very low.

Mike Turner, global cybersecurity chief operating officer at Capgemini, said: “Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief their provider can be 100% secure. While banks are evolving to combat the sophisticated threat cyber criminals pose, public understanding of the threats and challenges remains low.

“The introduction of GDPR legislation next year is a prime opportunity for business transformation for banks and insurers to become the digital fortresses consumers believe them to be.”

What is a data breach?

Also known as a data leak or unintentional disclosure, a data breach occurs when confidential information falls into the wrong hands. This could be due to the work of hackers, a malicious internal actor, an oversight or a system failure.

For example, hackers stealing credit card information, an employee passing IP or financial data onto competitors, someone leaving a USB stick on a train, and the accidental attachment of a patient list to an email would all count as a data breach.

Data breach consequences

In the UK, a data breach can currently cost an organisation a fine of up to £500,000 if it is found to have been in contravention of the Data Protection Act 1998.

However, from May 2018, that figure will rise significantly thanks to GDPR, with fines of up to €10 million or 2% of annual turnover (whichever is greater) waiting for the worst offenders. You can find out more about GDPR here.

Famous data breaches

Famous recent data breaches include the 2014 Yahoo hack (revealed in 2016), with the details of up to 500 million customers stolen, the 2015 hacks of TalkTalk and Ashley Madison, which affected 4 million and 37 million customers respectively, and the Sony Pictures Entertainment hack, which led to the exfiltration of around 100 terabytes of data, according to the perpetrators.

ITPro

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

TalkTalk's Cybersecurity Lesson:        Hackers Target All The Major UK Banks:

 

« The 4th Industrial Revolution:Can Democracy Survive ?
How To Eliminate Insider Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Asigra

Asigra

Asigra provides an industry leading cloud backup and recovery software platform called Asigra Cloud Backup.

LSEC

LSEC

LSEC is a global innovator and facilitator for the Cybersecurity industry. It is a non-profit membership organisation supporting further maturing the industry through its end users.

PRODAFT

PRODAFT

PRODAFT, Proactive Defense Against Future Threats, is a cyber security and cyber intelligence company providing solutions to commercial customers and government institutions.

OutThink

OutThink

OutThink is a web-based platform (SaaS) that has been developed specifically to identify and reduce risky workforce behaviours and build a risk aware culture.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

Aspisec

Aspisec

Aspisec is a cybersecurity company specialized in Firmware Security and Critical Infrastructure Protection.

PizzlySoft

PizzlySoft

PizzlySoft is a global company that is seeking convergence of network and security / software and hardware. We put our value on creating the best security.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

ImmuniWeb

ImmuniWeb

We Simplify, Accelerate and Reduce Costs of Security Testing, Protection and Compliance.

Picnic

Picnic

Picnic is a gritty, pioneering team of intelligence and cybersecurity specialists focused on solving the security challenge of our time - social engineering.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

AVEVA

AVEVA

AVEVA has a long history in providing Supervisory Control and Data Acquisition software for meeting complex and evolving automation requirements.

Contextal

Contextal

Contextal develops cutting-edge open-source cybersecurity solutions, designed to connect the dots and detect complex threats, which slip through the existing protections.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.

HanaByte

HanaByte

HanaByte is a security consultancy focused on delivering state of the art solutions in the cloud. We specialize in delivering cloud services with an emphasis on security.