Outsourcing data to vendors and other third parties is one of the main causes of data breaches at financial institutions, according to research conducted by the Ponemon Institute for vendor Compuware.
According to a survey of senior staff with security responsibilities at 80 multinational financial services firms, negligent insiders are the main reason for data breaches, cited by 75%. The second most common cause is the outsourcing of data to vendors and other third parties, cited by 42%, followed by malicious insiders, 26%.
The Ponemon Institute says the study reveals six primary areas of vulnerability to privacy and data security for the financial services industry: risk of data breach, diminishment of customer loyalty and trust, malicious or negligent insiders, risk of outsourcing confidential data to third parties, regulatory non-compliance, and ineffective privacy and information governance.
A massive 83% of those questioned say they use real data in the development and testing of applications and a majority of these do not take appropriates steps to protect this confidential and sensitive information, says Compuware.
Only 56% have identity compliance procedures in place, while just 47% have intrusion detection systems. Data loss protection technology is used by only 41% while 88% still use social security numbers as a primary identifier.
The report also found that while 60% of organisations have a chief privacy officer, 50% of them report that they have insufficient resources to accomplish their goals and objectives.
Larry Ponemon says: "One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study. While there is a great deal of progress being made, there is still a long way to go."