Thales Study: US Financial Institutions Have Highest Rate of Data Breaches Despite Strict Compliance Mandates
- 62% of US Financial Service Organizations Experienced Data Breaches, but Security Spending and Encryption Rates Are Decreasing
- Data Security Is Not Keeping Pace With Rapid Industry Change Being Driven by Digital Transformation
- Top Data Security Concerns Are Cyberterrorism, Internal Threats and Industrial Espionage
A new global study from Thales, with research from global market intelligence firm IDC, reveals that US financial institutions have the highest rate of data breaches compared to other industries. In fact, nearly two thirds (62%) have experienced a breach in their history, and 41% had one occur in the last year alone. According to the 2019 Thales Data Threat Report – Financial Services Edition, US financial services institutions are leading other industries when it comes to implementing digitally transformative technologies with nearly all (97%) surveyed claiming they use sensitive data within digitally transformative environments. However, the study also found that encryption rates for the US organizations surveyed are 31% or less, even though sensitive financial and payment data remains an attractive target for cybercriminals.
“Today sensitive data resides in digitally transformative, complex environments that span multiple clouds. These low encryption rates indicate US financial institutions have a false sense of security as they also have the highest rate of data breaches compared to other sectors studied,” “With the proliferation of cloud adoption, the advancement of new banking systems and strict data privacy regulations, there’s a disconnect between the reality of how vulnerable data is and the lack of adequate protection being utilized. The important message this study underscores is that financial services institutions need new data security methods to protect precious data everywhere in today’s digital IT landscape.”
Pervasive digital transformation puts sensitive data at risk
Technologies such as big data, cloud, IoT, mobile payments and others introduce new threats to sensitive data. This year’s report found that almost half (47%) of respondents said they’re either aggressively disruptive in their use of these technologies or are tightly linking them to an agile management vision. As financial service organizations struggle to protect data in new technology environments, they become a prime target for malicious insiders and external attackers motivated by either financial gain or the desire to create chaos in financial systems.
Security spending not on track with fast-changing technology
When financial institutions first began to open digital channels and enable mobility of both employees and customers, they invested in data protection. However, budgets have not kept up with fast-changing security threats. The report shows that security spending has decreased by 30% over the past year from 84% to 54%. Additionally, sophisticated fraud rings have trained their own machine learning platforms and bots to crack financial systems. The research also found that collaboration with third-party fintech partners to launch new services (open banking) is increasing the attack surface for cybercriminals and creating opportunities for industrial espionage perpetrated by competitors who use the same partners.
Encryption – a fundamental control – is underutilized
A key finding of the report is that although organizations report having plans for adopting data security technologies, like encryption and tokenization, actual implementation rates are low. The survey uncovered that in some sensitive data use cases, fewer than a quarter of respondents said they were using encryption to protect cloud environments as well as newer sources like big data, blockchain, containers, IoT and mobile payments.
“Fraud and security teams are expected to be the enablers of innovation while securing an increasingly complex financial services environment. Rapid digital transformation is being driven by agile fintech start-ups and the open banking trend shows no signs of slowing down. In addition, protecting sensitive data becomes even more difficult with shrinking security spending and encryption rates that are far too low. The report demonstrates the need for security professionals in the financial services sector to encrypt everything and adopt the right tools and technology that will protect sensitive data and mitigate risk during ongoing digital transformation initiatives.”