As many as 140 data thefts from financial services were reported to the Information Commissioner’s Office in the last financial year.
Data thefts from insurance companies doubled from 2015 levels but those from banks were down 45 percent.
Data released by the Information Commissioner’s Office has revealed a 25 percent rise in incidents of data theft from financial services in the UK compared to previous levels. This is despite the fact that more and more incidents are being reported to the ICO unlike in previous years.
Between April 2016 and March of this year, insurance companies had to bear the brunt of data thefts. The number of incidents of data thefts from insurance companies doubled from 2015 levels but at the same time, those from banks went down by 45 percent.
The Information Commissioner’s Office fined Royal & Sun Alliance Insurance PLC £150,000 and HCA International Ltd £200,000 for data breach incidents in the last financial year. However, the fact that 140 data thefts were reported in the period compared to just 73 in 2013-14 makes it clear that firms are not hiding security incidents as much as they used to in the past.
Earlier this year, ThreatMetrix, a security firm, estimated the annual cost of cyber-attacks on financial services in the UK at around £8bn. The firm detected 80 million cyber-attacks on financial firms using fake or stolen credentials in 2016 and noted that a spurt in online transactions had motivated hackers to target the sector. Bank account fraud, non-investment fraud and computer viruses were picked out as the most common online offences.
This isn’t the first time that financial services have emerged as among the favourite targets for hackers. A major reason behind this is that a vast majority of such firms are grappling with basic information management issues, thereby placing customer data at risk, said solutions provider M-Files.
The firm observed that 96 percent of financial services firms struggled to locate documents in the workplace, 62 percent had to recreate new documents after they lost existing ones, 31 percent didn’t know if they ever lost any data, 27 percent suffered a mobile-related data security breach and a similar number allowed employees to access corporate information using their personal devices.
In scenarios where firms struggle to locate their own data or fail to protect it, cyber-thieves can easily use any such loophole to get their hands on confidential corporate information, which may also include sensitive customer data.
Considering that the General Data Protection Regulation (GDPR) is less than a year away, such serious lapses on the part of financial services firms may result in huge fines which may not only tarnish their reputations but may also cause serious financial losses.
With potential fines expected to rise substantially from £0.5 million to £17.5 million under the GDPR regime, senior minds at financial firms will be concerned with the inexorable rise in the number of breaches, said Teiss Head of Consulting and Training Jeremy Swinfen-Green.
‘But the fines are only for the loss of personal data. Organisations hold other valuable data that needs to be protected such as business plans, new product designs, and financial information. The loss of these can damage competitive positioning as well as an organisation’s reputation.
‘Many organisations rely on technical defences and these are of course important. But ensuring employees take personal responsibility for security is equally important. Training is part of the answer here. But only part. Security processes designed around end users are also needed. Continuous awareness campaigns to remind people how to behave safely are essential. Employees must be motivated to behave safely. And organisational culture in areas such as trust and the courage to address the unsafe behaviour of others must be addressed,’ he added.