Only 20% Of UK Banks Can Properly Detect Breaches

Only one bank in five is highly confident in its ability to detect a data breach, with 50% of financial institutions having inadequate data security frameworks or privacy policies in place, research suggests.

Consultancy Capgemini surveyed 7,600 consumers and 183 senior security and privacy professionals from global banking and insurance firms in eight countries, including the UK, for its Currency of Trust report.

It found that the UK’s financial services organisations lag slightly behind the global average when it comes to confidence in their ability to detect a data breach (19% vs 21%), although the country is slightly ahead of the curve on having fully automated cyber threat intelligence (45% vs 40%).

When it comes to preparedness for GDPR, the upcoming EU-wide law that governs the penalties organisations will face for a data breach, the UK is also comfortably ahead of the game. Worldwide, only 32% of financial institutions consider themselves ready for the legislation, but in the UK that rises to 41%.

The UK also fares better than average when it comes to preventative measures, with only 31% taking three months to a year to patch and manage vulnerabilities, compared to a global average of 49%.

However, in some other areas UK financial institutions aren’t quite so virtuous. A total of 83% of banks and insurance firms here retain customer data after customers leave, compared to 78% globally. And, while more UK organisations update data consent clauses after a privacy policy is changed than the global average, at 26% the figure is still very low.

Mike Turner, global cybersecurity chief operating officer at Capgemini, said: “Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief their provider can be 100% secure. While banks are evolving to combat the sophisticated threat cyber criminals pose, public understanding of the threats and challenges remains low.

“The introduction of GDPR legislation next year is a prime opportunity for business transformation for banks and insurers to become the digital fortresses consumers believe them to be.”

What is a data breach?

Also known as a data leak or unintentional disclosure, a data breach occurs when confidential information falls into the wrong hands. This could be due to the work of hackers, a malicious internal actor, an oversight or a system failure.

For example, hackers stealing credit card information, an employee passing IP or financial data onto competitors, someone leaving a USB stick on a train, and the accidental attachment of a patient list to an email would all count as a data breach.

Data breach consequences

In the UK, a data breach can currently cost an organisation a fine of up to £500,000 if it is found to have been in contravention of the Data Protection Act 1998.

However, from May 2018, that figure will rise significantly thanks to GDPR, with fines of up to €10 million or 2% of annual turnover (whichever is greater) waiting for the worst offenders.

Famous data breaches

Famous recent data breaches include the 2014 Yahoo hack (revealed in 2016), with the details of up to 500 million customers stolen, the 2015 hacks of TalkTalk and Ashley Madison, which affected 4 million and 37 million customers respectively, and the Sony Pictures Entertainment hack, which led to the exfiltration of around 100 terabytes of data, according to the perpetrators.

ITPro
