Just one in five banks and insurers confident they could detect a cybersecurity breach; upcoming GDPR Regulations to Spur Action, Greater Transparency with Consumers
Banks and insurers enjoy a significantly higher level of trust from consumers in the cybersecurity of their systems (83%) than any other sector (with e-commerce firms at 28% and both telcos and retailers at 13%). However, the financial services industry doesn’t share the same sentiment. Just one in five banking executives (21%) are highly confident in their ability to detect a breach, let alone defend against it. This is the finding of a report published today by Capgemini’s Digital Transformation Institute, titled ‘The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer and More Secure’.
Mike Turner, Global Cybersecurity Chief Operating Officer at Capgemini, said: “Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief their provider can be 100% secure. While banks are evolving to combat the sophisticated threat cybercriminals pose, public understanding of the threats and challenges remains low.”
The study of 7,600 consumers and over 180 senior data privacy and security professionals from banking and insurance firms from eight countries (France, Germany, India, the Netherlands, Spain, Sweden, United Kingdom and United States) highlights the gap between the level of trust placed in banks by the public and the reality.
“When GDPR is introduced and all breaches are likely to be made public soon after they occur, many people will be in for a surprise,” said Zhiwei Jiang, Global Head of Financial Services, Insights & Data at Capgemini. “The introduction of GDPR legislation next year is a prime opportunity for business transformation for banks and insurers to become the digital fortresses consumers believe them to be.”
The General Data Protection Regulation (GDPR), European legislation due to come into effect in May 2018, will force organizations to disclose data breaches within 72 hours or face large penalties. Though an EU law, the Regulation will apply to companies (whether EU based nor not) that process personal data of European citizens, and is expected to affect banks and insurers in the US, UK and Asia. While compliance will be essential and is just over a year away, among executives surveyed only a third (32%) described their organization as having made strong progress in implementing the draft guidelines.
Though many instinctively trust their banks and insurers with their data, once this trust is broken they are likely to act. Three quarters of consumers (74%) would switch their provider in the event of a data breach. Among those who would remain with their bank or insurer if their information were compromised, over a quarter say they would be cautious about further investments.
Capgemini’s Digital Transformation Institute conducted a survey with 7,600 consumers in France, Germany, India, the Netherlands, Spain, Sweden, United Kingdom and United States, who shared their views on data privacy and security within the financial services industry. In addition, Capgemini’ s Institute talked to 183 senior data privacy and security professionals in France, Germany, India, Spain, United Kingdom and United States representing bank and insurance firms with combined global revenues of greater than $500 million, to understand their approach to cybersecurity and data use. A copy of the report can be downloaded here.
