Financial services falling behind on data security - PwC

A PwC survey of more than 600 financial services firms finds that more than half (54%) do not have an accurate inventory of where personal data for employees and customers is collected, transmitted or stored.

Just over half (51%) of financial services respondents questioned by PwC further admit that they do not require third-party service providers to comply with their company's privacy policies.

Sergio Pedro, managing director, PricewaterhouseCoopers, comments: "Financial services firms have been leaders in privacy and security, but their policies and capabilities are being outstripped by changes in technology and business practices."

Increased use of offshore third-party service providers to handle and process sensitive data has exposed firms to a maze of privacy-related requirements, he says, further exacerbating the problems.

The survey found that just 45% perform due diligence of third parties that handle the personal data of customers and employees. Despite this failing, a clear majority of 81% consider themselves either "somewhat" or "very" confident in the information security practices of their partners and suppliers.

This blind spot extends into incident response, both in-house and at third-party sites. Forty-one percent reported that their organisation's security policies do not address incident response, and 56% do not have a process to address breaches involving data entrusted to third parties.

Firms also appear to be failing to learn the lessons from other high-profile data loss incidents in the sector. Forty-one percent do not encrypt data stored in databases; 52% do not encrypt file shares; and 43% do not encrypt backup tapes. Furthermore, one-third fail to deploy laptop encryption, a key data security safeguard for an increasingly mobile workforce.

The damning statistics come from PwC's annual Global State of Information Security Study, which it conducts in partnership with CIO and CSO magazines. Of the 7,000 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security interviewed for the study, results of which were first published in October, 665 were from the financial services industry.

» Download the document now 0.1 Mb (PDF File)

Comments: (3)

A Finextra member, 09 January, 2009, 20:32

I like to pass along things that work, in hopes that good ideas make their way back to me. Data breaches and thefts are due to a lagging business culture - and people aren't getting the training they need. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities - read the book BEFORE you suffer a breach.

A Finextra member, 12 January, 2009, 13:25

This is a good, well-written article on a topical issue ... however, like on many occasions with similar articles, the reader is left hanging wanting more information but Finextra does not provide further reading references .... it would have been so easy to put the PWC URL of where to locate the source material ... I have so far been unable to locate the PWC survey in question .... surely they are not referencing last year's CBI security survey ....

 

Yours David Spinks (david.spinks@eds.com)

Elton Cane - writer & tech geek - Brisbane, 12 January, 2009, 14:16

Hi David,

Normally we do provide a PDF or link, when one is provided on a press release, or easily sourceable from the company in question. This one took a bit of digging, but we did find the survey report in question. This story is actually PwC taking a financial-industry-only slice of their annual Global State of Information Security Study (GISS), which came out in October 2008 and looks broadly across industries. You can now see the link to the PDF (hosted on Finextra) at the end of the story.

Elton