Database Security Lacking at Financial Services Firms


Sloppy operating practices across the financial services sector leave firms vulnerable to breaches that could expose sensitive data or put customers' and employees' privacy at risk, according to a new study from the Ponemon Institute.

The study, commissioned by enterprise software and consulting firm Compuware (NASDAQ: CPWR), identified several ways in which loose data policies could hurt financial services companies, including damage to the corporate brand and the erosion of consumer trust.

"One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study," Larry Ponemon, head of the Ponemon Institute, said in a statement. "While there is a great deal of progress being made, there is still a long way to go."

For instance, the survey of top security officials at 80 large financial firms found that 83 percent use real data, such as credit card or account numbers, when developing and testing applications. Ponemon concluded that a majority of the firms surveyed don't take sufficient steps to safeguard that information.

The latest warning about information security comes amid a growing wave of data breaches that have targeted universities, insurance firms and others. A recent survey by security firm Symantec found that 92 percent of global firms were hit with a cyber attack seeking to infiltrate corporate IT networks last year.

According to the Ponemon study, many financial services firms, which are prime targets for cyber criminals, don't take some of the basic precautions to protect their information storehouses. For instance, 88 percent of the companies surveyed said they still use Social Security numbers as their primary identifier.

Just 47 percent of the companies said they have intrusion detection systems in place, while only 56 percent said they implemented identity compliance procedures.

Similarly, 41 percent of the financial houses said they have deployed data loss prevention technologies.

In addition to the public relations nightmare that invariably follows high-profile data breaches, financial services firms with lax information management policies run the risk of falling out of compliance with government regulations.

"Safeguarding customer data is the best approach for financial services and other organizations to retain valuable customers, protect the company's reputation and avoid negative regulatory impacts," Compuware Vice President Rose Rowe said in a statement.

The survey canvassed financial firms with at least 500 employees that are based in North America, but operate globally. Subsegments of the financial services industry evaluated in the poll included banking, investment, insurance, credit card and mortgage firms.

Kenneth Corbin is an associate editor at, the news service of, the network for technology professionals.