While banking consumers indicate high levels of confidence in the security of their digital banking data, new regulations that require banks to report data breaches may undermine that confidence.
The European guidelines, the General Data Protection Regulation (GDPR), require financial institutions to announce data breaches within 72 hours of discovery. Ensuring data safety at banks has never been more essential. A new survey reveals that a single breach could erode confidence and result in a major loss of business.
Impressions of Institutions
A survey by Capgemini Consulting of 7,600 consumers worldwide found that 83 percent trust their insurers and banks when it comes to data, but that 74 percent would switch financial institutions in the case of a data breach.
Data insecurity is also why 47 percent of those surveyed do not use digital channels for banking, a costly proposition for banks, where branch use is about 43 times as expensive as digital channels.
Customer attitudes expressed in the survey indicate that banks that instill a sense of trust will reap advantages. Sixty percent of respondents said they would be willing to give up some degree of privacy by sharing some data in return for benefits. Among those 18,034, that percentage leaps to 74.
Business Leadership Needed for Ill-Prepared Banks
While the business strategy opportunities are evident, the same Capgemini Consulting report indicates banks are not prepared for data threats. Among 180 senior security and data privacy pros, fewer than a third (29 percent) of retail banks and insurers have both a solid security strategy and strong data privacy practices.
The survey also indicated that only one in two banks and insurers have adequate security frameworks for data or privacy policies.
Financial institutions are particularly lagging in the following areas:
| Breach detection | Only 21 percent reported being highly confident in their ability to detect a data breach. | Data retention | A staggering 78 percent continue to retain customer data for former customers. | Plugging holes | It takes 49 percent of institutions 3-12 months to patch or manage identified vulnerabilities in key systems. | Automation. | Only 40 percent have fully automated systems to proactively detect cyber threats. |
Locking down systems and more education are critical for companies wanting to maintain consumer trust.
General Data Protection Regulation
The regulation, passed by various European Union bodies, is designed to unify and strengthen data for EU residents. It establishes a single set of rules governing EU institutions. It covers all personal data, including identifying characteristics and bank information; requires appointment and roles for a data controller, data protection officer (DPO), and DPO services; and requires encryption or other controls to anonymize the data.
Failure to comply with the guidelines can result in warnings, regular audits or up to €20 million in fines.
Banks appear to be lagging in preparations for GDPR, which goes into effect in May 2018. To ensure compliance and gain consumer trust, it’s suggested banks adopt the following:
- Provide consumers with more choice in terms of what data are shared.
- Offer education and more information about security issues.
- Create a communication strategy that can be deployed rapidly in the event of a breach.
- Separate passwords and financial information on mobile apps.
- Improve security controls on servers that an app’s API can access.
Business leadership is needed across financial services units to ensure that consumer data stays safe … and those consumers remain as customers.