Only 20% Of UK Banks Can Properly Detect Breaches

Only one bank in five is highly confident in its ability to detect a data breach, with 50% of financial institutions having inadequate data security frameworks or privacy policies in place, research suggests.

Consultancy Capgemini surveyed 7,600 consumers and 183 senior security and privacy professionals from global banking and insurance firms in eight countries, including the UK, for its Currency of Trust report.

It found that the UK’s financial services organisations lag slightly behind the global average when it comes to confidence in their ability to detect a data breach, 19% vs 21%, although the country’s slightly ahead of the curve when it comes to having fully-automated cyber threat intelligence, 45% vs 40%.

When it comes to preparedness for GDPR, the upcoming EU-wide law that governs what penalties organisations will face for a data breach - the UK is also happily ahead of the game. Worldwide, only 32% of financial institutions consider themselves ready for the legislation, but in the UK that rises to 41%.

The UK also fares better than average when it comes to preventative measures, with only 31% taking three months to a year to patch and manage vulnerabilities, compared to a global average of 49%.

However, in some other areas UK financial institutions aren’t quite so virtuous. A total 83% of banks and insurance firms here retain customer data after they leave, compared to 78% globally. And, while more UK organisations update data consent clauses after a privacy policy is changed than the global average, at 26% it’s still very low.

Mike Turner, global cybersecurity chief operating officer at Capgemini, said: “Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief their provider can be 100% secure. While banks are evolving to combat the sophisticated threat cyber criminals pose, public understanding of the threats and challenges remains low.

“The introduction of GDPR legislation next year is a prime opportunity for business transformation for banks and insurers to become the digital fortresses consumers believe them to be.”

What is a data breach?

Also known as a data leak or unintentional disclosure, a data breach occurs when confidential information falls into the wrong hands. This could be due to the work of hackers, a malicious internal actor, an oversight or a system failure.

For example, hackers stealing credit card information, an employee passing IP or financial data onto competitors, someone leaving a USB stick on a train, and the accidental attachment of a patient list to an email would all count as a data breach.

Data breach consequences

In the UK, a data breach can currently cost an organisation a fine of up to £500,000 if it is found to have been in contravention of the Data Protection Act 1998.

However, from May 2018, that figure will rise significantly thanks to GDPR, with fines of up to €10 million or 2% of annual turnover (whichever is greater) waiting for the worst offenders. You can find out more about GDPR here.

Famous data breaches

Famous recent data breaches include the 2014 Yahoo hack (revealed in 2016), with the details of up to 500 million customers stolen, the 2015 hacks of TalkTalk and Ashley Madison, which affected 4 million and 37 million customers respectively, and the Sony Pictures Entertainment hack, which led to the exfiltration of around 100 terabytes of data, according to the perpetrators.

ITPro

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

TalkTalk's Cybersecurity Lesson:        Hackers Target All The Major UK Banks:

 

« The 4th Industrial Revolution:Can Democracy Survive ?
How To Eliminate Insider Threats »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA) is a non-profit organization dedicated to leading a diversified research agenda in the field of cyber conflict.

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

Cyberia Group

Cyberia Group

Cyberia is a leading Internet and Security services provider with operations in Saudi Arabia, Lebanon and Jordan.

Total Defense

Total Defense

Total Defense solutions include anti-malware, anti-virus, intrusion prevention & mobile security.

Xage Security

Xage Security

Xage is the world’s first blockchain-protected security platform for Industrial IoT.

Securitybulls

Securitybulls

Securitybulls is an information security firm offering an encyclopedic penetration testing & IT security assessment service for your organization.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

Firedome

Firedome

Firedome's tailormade solution for IoT companies is designed to proactively prevent, detect, and respond to inevitable vulnerabilities in connected devices.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyentia Institute

Cyentia Institute

The Cyentia Institute is a research & data science firm with a mission to advance knowledge in the cybersecurity industry.

Vortiv

Vortiv

Vortiv Ltd (formerly known as Transaction Solutions International Ltd) is a technology based company focused on the cybersecurity and the cloud services sector.

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries is America’s largest military shipbuilding company and a provider of professional services to partners in government and industry.

ZEUSS

ZEUSS

ZEUSS is a diversified data center, cybersecurity, and green energy company.

Barclay Simpson

Barclay Simpson

Barclay Simpson is proud to have a long history of delivering cyber security, technology and governance recruitment services.

Oleria Security

Oleria Security

Oleria is the only adaptive and autonomous security solution that helps organizations accelerate at the pace of change, trusting that data is protected.