Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Financial services falling behind on data security - PwC

A PwC survey of more than 600 financial services firms finds that more than half (54%) do not have an accurate inventory of where personal data for employees and customers is collected, transmitted or stored.

  0 3 comments

Financial services falling behind on data security - PwC

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Just over half (51%) of financial services respondents questioned by PwC further admit that they do not require third-party service providers to comply with their company's privacy policies.

Sergio Pedro, managing director, PricewaterhouseCoopers, comments: "Financial services firms have been leaders in privacy and security, but their policies and capabilities are being outstripped by changes in technology and business practices."

Increased use of offshore third-party service providers to handle and process sensitive data has exposed firms to a maze of privacy-related requirements, he says, further exacerbating the problems.

The survey found that just 45% perform due diligence of third parties that handle the personal data of customers and employees. Despite this failing, a clear majority of 81% consider themselves either "somewhat" or "very" confident in the information security practices of their partners and suppliers.

This blind spot extends into incident response, both inhouse and at third party sites. Forty one percent reported that their organisation's security policies do not address incident response, and 56% do not have a process to address breaches involving data entrusted to third parties.

Firms also appear to be failing to learn the lessons from other high profile data loss incidents in the sector. Forty one percent do not encrypt data stored in databases; 52% do not encrypt file shares; and 43% do not encrypt backup tapes. Furthermore, one-third fail to deploy laptop encryption, a key data security safeguard for an increasingly mobile workforce.

The damning statistics come from PwC's annual Global State of Information Security Study it conducts in partnership with CIO and CSO magazines. Of the 7,000 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security interviewed for the study, results of which were first published in October 665 were from the financial services industry.

Download the document now 0.1 Mb (PDF File)
Sponsored [Upcoming Webinar] Next Gen Payment Processing: How banks can embrace the future
 

Share

 
 
1
 
 

Related Company

Channels

/retail banking /security /wholesale banking

Comments: (3)

A Finextra member 

I like to pass along things that work, in hopes that good ideas make their way back to me. Data breaches and thefts are due to a lagging business culture - and people aren't getting the training they need. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities - read the book BEFORE you suffer a breach.

A Finextra member 

This is a good well written article on a topical issue ... however like on many occassions with similar articles the reader is loeft hanging wanting more information but Finextra does not provide further reading references .... it would have been so easy to put the PWC URL of where to locate the source material ... I have sop far been unable to locate the PWC survey in question .... surely they are not referencing last years CBI security survey ....

 

Yours David Spinks (david.spinks@eds.com)

Elton Cane

Elton Cane Digital product delivery at News Corp Australia

Hi David, Normally we do provide a PDF or link, when one is provided on a press release, or easily sourcable from the company in question. This one took a bit of digging, but we did find the survey report in question. This story is actually PwC taking a financial-industry-only slice of their annual Global State of Information Security Study (GISS), which came out in October 2008 and looks broadly across industries. You can now see the link to the pdf (hosted on Finextra) at the end of the story. Elton

Related news

CheckFree warns five million customers of hack attack

Branch security failings exposed by fake heists

Bank of New York Mellon breach gets bigger

Audit and compliance demands force IT security upgrade at Arab National Bank

Wells Fargo hit by data breach

FSA chides financial institutions for data security lapses

Stolen bank details going cheap on the Web

TJX breach gets bigger with 94 million card numbers exposed

UK data protection watchdog slams firms for security breaches

Banks censured for dumping customer data in bins

FSA fines Nationwide for security breach

Personal data security breaches hit 100 million milestone in US

[Upcoming Webinar] Next Gen Payment Processing: How banks can embrace the futureFinextra Promoted[Upcoming Webinar] Next Gen Payment Processing: How banks can embrace the future

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept