Though many instinctively trust their banks and insurers with their data, once this trust is broken they are likely to act. Three quarters of consumers (74pc) would switch their provider in the event of a data breach. Among those who would remain with their bank or insurer if their information were compromised, over a quarter say they would be cautious about further investments. That’s among the findings of a report by consultancy and outsourcing firm Capgemini’s Digital Transformation Institute, titled ‘The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer and More Secure’
Banks and insurers enjoy a significantly higher level of trust from consumers in the cybersecurity of their systems (83pc) than any other sector (with e-commerce firms at 28pc and both telcos and retailers at 13pc). However, the financial services industry doesn’t share the same sentiment. Just one in five banking executives (21pc) are highly confident in their ability to detect a breach, let alone defend against it.
Mike Turner, Global Cybersecurity Chief Operating Officer at Capgemini, said: “Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief their provider can be 100pc secure. While banks are evolving to combat the sophisticated threat cybercriminals pose, public understanding of the threats and challenges remains low.”
The study suggests a gap between the level of trust placed in banks by the public and the reality. Zhiwei Jiang, Global Head of Financial Services, Insights & Data at Capgemini, said: “When GDPR is introduced and all breaches are likely to be made public soon after they occur, many people will be in for a surprise. The introduction of GDPR legislation next year is a prime opportunity for business transformation for banks and insurers to become the digital fortresses consumers believe them to be.”
Trust in banks
The majority of consumers view trust in data privacy and security as an extremely significant factor when choosing their bank (65pc). Despite the importance they attach to the security and handling of sensitive financial data, consumers appear to instinctively trust banks and insurers without strong reason. The gap in consumers’ perception and the reality is perhaps exemplified by the fact that though one in four financial institutions reported to having been victim of a hack, only 3pc of consumers believe their own bank has ever been breached.
While financial institutions, particularly banks, are spending Capgemini says a staggering amount of money securing their systems, the number and frequency of data breaches is still rising. The evolving nature of the threat and lack of clarity among leaders perhaps explains why, despite high levels of investment, 71pc of organisations do not have a balanced security strategy nor strong data privacy practices.
The General Data Protection Regulation (GDPR), European legislation due to come into effect in May 2018, will force organisations to disclose data breaches within 72 hours or face large penalties. Though an EU law, the Regulation will apply to companies (whether EU based nor not) that process personal data of European citizens, and is expected to affect banks and insurers in the US, UK and Asia. While compliance will be essential and is just over a year away, among executives surveyed only a third (32pc) described their organisation as having made strong progress in implementing the draft guidelines.
Research method
Capgemini’s Digital Transformation Institute surveyed 7,600 consumers in France, Germany, India, the Netherlands, Spain, Sweden, United Kingdom and United States, on data privacy and security in financial services. Capgemini’ s Institute talked to 183 senior data privacy and security people in France, Germany, India, Spain, UK and US representing bank and insurance firms. A copy of the report can be downloaded here.
Comment
Richard Brown, Director EMEA Channels and Alliances at Arbor Networks, said: “With the implementation of the EU General Data Protection Regulation getting ever closer, the impact of data-breaches to both business and the end-user will soon have a bigger impact than ever before. Because of this, it is imperative for businesses to invest appropriately to protect themselves and their customers.
“It is perhaps no surprise that financial services are lacking in confidence when it comes to data security. Threats continue to evolve at a rapid pace and as our recent Worldwide Infrastructure Security Report revealed, attack size grew by 60% last year. Financial services organisations in particular are at risk due to the amount of sensitive data and money they store.
“To combat this evolving threat, organisations should foster a collaborative cybersecurity environment by sharing threat intelligence to create a far more accurate and actionable view of the threat landscape. Such an approach enables organisations to take a proactive stance and make predictive responses, rather than waiting to be attacked. This is especially true for financial services organisations who typically have a very large attack surface due to rapidly developing business environment. Organisations should also instrument their internal networks so that they have broad and deep visibility of network traffic, threats and user behaviour.”
