According to the results of a recent Capgemini survey of 7,600 consumers and 183 senior data privacy and security professionals at banking and insurance firms worldwide, just 21 percent of banking executives are highly confident in their ability to detect a cyber security breach.
At the same time, 83 percent of consumers say they trust banks and insurance firms to maintain strong cyber security, compared to 28 percent of consumers who trust e-commerce firms and 13 percent who trust telcos and retailers.
“Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief their provider can be 100 percent secure,” Capgemini global cyber security chief operating officer Mike Turner said in a statement. “While banks are evolving to combat the sophisticated threat cyber criminals pose, public understanding of the threats and challenges remains low.”
Notably, although only three percent of consumers believe their own bank has been breached, 26 percent of financial institutions acknowledged having been the victim of a breach.
“Banks and insurers have reaped a perception dividend on privacy and security issues that other industries have not enjoyed,” the report states. “However, this advantage is under threat as transparency increases and consumers become more aware of breaches that do occur. If organizations do not take proactive steps to enhance security and privacy, consumers will quickly realize that their high levels of trust are perhaps misplaced, with significant consequences for the sector.”
Sixty-five percent of consumers said trust in data privacy and security is an extremely significant factor when choosing their bank, and 74 percent said they would change providers in the event of a data breach.
CipherCloud director of product management David Berman told eSecurity Planet by email that the findings highlight the need for data-centric approaches like encryption and tokenization to mitigate the impact of any breach. “Data-centric approaches like persistent encryption also enforce protection on mobile endpoints, a critical requirement now that threats have a much larger attack surface to target with cloud applications,” he said.
Separately, Cisco’s 2017 Annual Cybersecurity Report, based on a survey of almost 3,000 CSOs and security operations leaders worldwide, states that more than one third of organizations that experienced a breach in 2016 reported customer, opportunity and revenue loss of more than 20 percent as a result.
In response, 90 percent of those organizations are improving their defenses by separating IT and security functions (38 percent), increasing security awareness training for exmployees (38 percent), and implementing risk mitigation techniques (37 percent).
More than 50 percent of organizations faced public scrutiny after a breach. Twenty-two percent of them lost customers, and 40 percent lost more than 20 percent of their customer base. Twenty-nine percent lost revenue, with 38 percent losing more than 20 percent of revenue.
Strikingly, the report states that just 56 percent of security alerts are investigated, and less than half of legitimate alerts are remediated.
David Vergara, head of global product marketing at VASCO Data Security, told eSecurity Planet by email that the Cisco report makes three things abundantly clear. “The first is that cybercriminals’ weapon of choice is not always the sophisticated attack; generally, they prefer the path of least resistance, so security laggards beware,” he said. “Second is the hard cost of a breach, through lost customers, revenue and business, is rising dramatically. This cost should drive more pointed security resource discussions and prop up related business cases.”
“Third is that the last thing CSOs need is another point solution to complement the busy array of existing security platforms,” Vergara added. “Step one is to assess the weakest channels. If mobile represents the greatest risk, leverage a solution that complements your existing platform to ensure trust on the device and mobile applications.”