Only 20% Of UK Banks Can Properly Detect Breaches

Uploaded on 2017-02-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Only one bank in five is highly confident in its ability to detect a data breach, with 50% of financial institutions having inadequate data security frameworks or privacy policies in place, research suggests.

Consultancy Capgemini surveyed 7,600 consumers and 183 senior security and privacy professionals from global banking and insurance firms in eight countries, including the UK, for its Currency of Trust report.

It found that the UK’s financial services organisations lag slightly behind the global average when it comes to confidence in their ability to detect a data breach, 19% vs 21%, although the country’s slightly ahead of the curve when it comes to having fully-automated cyber threat intelligence, 45% vs 40%.

When it comes to preparedness for GDPR, the upcoming EU-wide law that governs what penalties organisations will face for a data breach - the UK is also happily ahead of the game. Worldwide, only 32% of financial institutions consider themselves ready for the legislation, but in the UK that rises to 41%.

The UK also fares better than average when it comes to preventative measures, with only 31% taking three months to a year to patch and manage vulnerabilities, compared to a global average of 49%.

However, in some other areas UK financial institutions aren’t quite so virtuous. A total 83% of banks and insurance firms here retain customer data after they leave, compared to 78% globally. And, while more UK organisations update data consent clauses after a privacy policy is changed than the global average, at 26% it’s still very low.

Mike Turner, global cybersecurity chief operating officer at Capgemini, said: “Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief their provider can be 100% secure. While banks are evolving to combat the sophisticated threat cyber criminals pose, public understanding of the threats and challenges remains low.

“The introduction of GDPR legislation next year is a prime opportunity for business transformation for banks and insurers to become the digital fortresses consumers believe them to be.”

What is a data breach?

Also known as a data leak or unintentional disclosure, a data breach occurs when confidential information falls into the wrong hands. This could be due to the work of hackers, a malicious internal actor, an oversight or a system failure.

For example, hackers stealing credit card information, an employee passing IP or financial data onto competitors, someone leaving a USB stick on a train, and the accidental attachment of a patient list to an email would all count as a data breach.

Data breach consequences

In the UK, a data breach can currently cost an organisation a fine of up to £500,000 if it is found to have been in contravention of the Data Protection Act 1998.

However, from May 2018, that figure will rise significantly thanks to GDPR, with fines of up to €10 million or 2% of annual turnover (whichever is greater) waiting for the worst offenders. You can find out more about GDPR here.

Famous data breaches

Famous recent data breaches include the 2014 Yahoo hack (revealed in 2016), with the details of up to 500 million customers stolen, the 2015 hacks of TalkTalk and Ashley Madison, which affected 4 million and 37 million customers respectively, and the Sony Pictures Entertainment hack, which led to the exfiltration of around 100 terabytes of data, according to the perpetrators.

ITPro

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

TalkTalk's Cybersecurity Lesson:        Hackers Target All The Major UK Banks:

 

« The 4th Industrial Revolution:Can Democracy Survive ?
How To Eliminate Insider Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

RSA Conference

RSA Conference

RSA Conference conducts information security events around the globe that connect you to industry leaders and highly relevant information.

Gurucul

Gurucul

Gurucul predictive security analytics protects against insider threats, account compromise and data exfiltration on-premises and in the cloud.

Qatar Computing Research Institute (QCRI)

Qatar Computing Research Institute (QCRI)

QCRI perform cutting-edge research in such areas as Arabic language technologies, social computing, data analytics, distributed systems, cyber security and computational science and engineering.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

ThreatAware

ThreatAware

Total visibility of your business cybersecurity. Monitoring, management and compliance for your cybersecurity tools, people and processes from one easy to use dashboard.

KOVRR

KOVRR

Kovrr financially quantifies cyber risk on demand. Our technology enables decision makers to seamlessly drive actionable cyber risk management decisions.

CyberInsureOne

CyberInsureOne

At CyberInsureOne, we break down the complex world of cyber insurance, and connect you with providers that can give you and your company peace of mind.

Data Terminator

Data Terminator

Data Terminator provide a comprehensive range of secure data destruction equipment and services are in compliance to US Department of Defense (DoD) and National Security Agency (NSA) standards.

LevelOps

LevelOps

LevelOps is an industry application security platform that tracks and develops your application security.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

Quantum eMotion (QeM)

Quantum eMotion (QeM)

Quantum eMotion is a Montreal-based advanced developer leading the way towards a new generation of quantum-safe encryption for the quantum computing age.

ARGOS Cloud Security

ARGOS Cloud Security

ARGOS aims to simplify and strengthen cloud security, by creating a visual map of security vulnerabilities, to your priceless information stored in any cloud provider environment.

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.