Friday May 8, 2009
More cases of data loss
KPMG CHAT - A column by PAUL BAHNISCH
Survey: Financial service sector most heavily targeted
LAST year was the worst year for reported data loss incidents since KPMG’s annual Data Loss Barometer began in 2005.
The survey findings suggest that if the same data loss pattern continues, the number of people affected by data loss globally could rise to 190 million this year, and it is the financial service sector which tends to be the most heavily targeted.
A Thomson Reuters report from earlier this year, entitled "Businesses risk US$1 trillion losses from data theft – study", echoes these findings.
KPMG’s e-Crime survey in 2009 found that 80% of its respondents don’t believe that security software based on signature detection offers a sufficient level of protection to Internet users and 62% of respondents don’t believe their business dedicates enough time, budget and resources to locating vulnerabilities.
It also looks like the credit crunch will lead to a “data crunch”, and we expect to see a substantial increase in malicious data theft attempts in 2009, with the financial sector being the biggest target.
Top data security threats
Last year, data loss was in the public domain for all the wrong reasons. This, combined with the fact that the credit crunch has left customers questioning the ability of banks to act as effective custodians of their money, has made data security and banks an attractive issue for the media.
Businesses recognise the negative reputational risk that a data loss incident may bring to bear and are therefore decidedly interested in preventing such incidents.
Businesses do realise the reputational risk of neglecting what has historically been an information technology (IT) issue for many businesses in the financial sector.
The combination of regulatory pressure and reputational risk is moving data security from its historical place as an IT issue to one that is today seen as a strategic and fundamental business issue, the purview of senior management.
Key areas of focus
There are many areas for businesses to consider when updating and improving an organisation’s data security, including third-party supplier relationships.
Senior management engagement. For a data security programme to be effective, it is important that the initiative is driven from CEO-level down. Senior management engagement is fundamental in creating a framework that supports strong corporate governance, assurance, confidentiality and integrity across the data management life cycle and right through a company.
Awareness and training. Training staff and creating awareness is an essential area of focus and often brings the highest returns on investment. This cultural awareness and training around the fundamental importance of data security – supported by regularly implemented, tested and updated education programmes – should ensure a workforce that is engaged with the issue and clear on their own responsibilities.
Third-party supplier relationship management. Third parties often have access to personal and highly confidential information – in some cases there are organisations with unnecessarily complicated third party contracts which lead to undefined boundaries between the organisation and its trading partners.
The banking sector remains responsible for the integrity and security of this data regardless of who holds it and where it is held. Banks that have such sourcing arrangements need to go beyond this and verify that third-party suppliers handling sensitive data have the proper controls in place and are fully compliant with data security requirements.
How to get started?
Being self-aware is the first step towards a successful data security initiative.
Businesses should be prepared to ask questions such as:
● Where do your data come from, where are they stored and how are they used?
● Does the staff understand the importance of good data handling?
● Are you confident that your IT networks and systems are secure?
● Do you have a clear plan of what to do should you lose data?
The next step for businesses is the creation of a comprehensive data security policy and a programme of activity to provide assurance that policies are being understood and followed.
Information is the lifeblood of any organisation. Therefore, safeguarding the data from theft or unintentional disclosure is absolutely critical to ongoing commercial success. To reduce the likelihood of these incidents, a sound framework should be put in place which looks at processes, capabilities and controls.
This will help minimise reputational damage and potential regulatory scrutiny, and keep the company, shareholders and customers feeling safe and secure about their data.
Financial services companies, more than ever before, need to be on top of this issue. If they fail to do so, then in an underground economy, where data is money, they and other key stakeholders may find they are in real danger of falling behind in the race to stay in control.


