
Finance firms are vulnerable to cyber attacks, so why do customers think they are secure?

The public are overly confident in the ability of banks and financial institutions to protect their data, but that will change when mandatory reporting comes in next year under the General Data Protection Regulation.

Cyber security is a topic which is never out of media headlines. Widely reported hacks in recent months have invited fresh scrutiny, showing how vulnerable large organisations are to the evolving cyber threat.

Financial institutions have largely stayed immune from this criticism, remaining the most trusted organisations by UK customers. However, are “traditionally secure” institutions such as banks and insurers as safe as customers think they are?

A recent Capgemini report – The currency of trust: why banks and insurers must make customer data safer and more secure – revealed a striking gap in customer perception and executive-level confidence in the banking and insurance sector when it comes to their institution’s ability to detect data breaches and guard against them.

The report, which analysed global data from more than 7,600 consumers and 180 senior data security professionals, reveals the true state of current security and detection methods used by major banks and insurers.

Over a quarter (26%) of UK financial services organisations said they had suffered a data breach in the past 12 months and, more worrying still, just under one in five (19%) banking executives are highly confident in their ability to detect a security breach, rising to 21% globally.

The report highlights that customer trust in banks and insurers in the UK still remains high, with 82% rating them among the most trusted institutions. Only 2% of UK customers believed a data breach had occurred at their bank or insurer in the past 12 months.

But with 19% of UK banks and insurers admitting a data breach had actually occurred in their organisation, the research clearly highlights the considerable gap between public perception and reality.

One reason for this unwavering trust among banking and insurance customers could, in part, be due to organisations failing to voluntarily share news of data security breaches. A security breach, after all, could be devastating for any financial organisation, with people looking to deposit their money and set up with competitor organisations in the event of even a scare. In fact, the report shows that 80% of UK customers would change their bank or insurer as a result of a breach – high stakes for financial organisations.

GDPR: Addressing the glaring global gap

However, the incoming General Data Protection Regulation (GDPR), which will come into effect in May 2018, will force banks and insurers to reveal any data breaches that occur.

This new regulation will demand transparency from all organisations about any data breaches and ensure that they take the necessary actions to inform customers quickly and accurately. Companies holding personal data will be under strict obligation to disclose security breaches within 72 hours or face large penalties.

With just over a year to go, the signs are looking promising when it comes to compliance, with up to 41% of financial service organisations revealing they are already set for compliance with the regulation.

The GDPR will fundamentally pave the way for an age of transparency. All organisations – not just financial institutions – will have to ensure they are investing in robust cyber security, or pay the price by losing the trust of their customers. The perception of customers must be mirrored by reality when it comes to cyber security in the coming year.
