82 percent of finserv organizations suffered a data breach in the last year
A new report, based on a global survey of 250 decision makers at large financial services organizations of over 5,000 employees, shows that 82 percent have suffered a data breach via cyberattack, or a data leak, an unintentional exposure of sensitive data, in the past year.
The report from Blancco Technology Group finds 43 percent of breaches or leaks were attributed to stolen devices and drives.
Over a third of those breached experienced customer loss (37 percent), with additional impacts including declines in customer revenue (40 percent) and share prices (36 percent) -- fines, operational downtime, ransom payments, and legal expenses further intensified the damage.
“Financial services organizations manage some of the most sensitive and high-value data of any industry, making the sector a prime target for cyberattacks and placing significant demands on data security and governance," says Blancco chief executive officer Lou DiFruscio. “Our report provides a glimpse into how the cybersecurity landscape, evolving regulations, advancements in AI, and sustainability goals are shaping the way that financial institutions manage and dispose of their data today.”
Among other findings are that 60 percent of financial services organizations increased their compliance spending in the past year, by an average of 47 percent. Not only is this sector impacted by general data privacy laws, new compliance requirements are often industry-specific, like PCI DSS updates, and sometimes apply only to a subset of the sector, such as organizations regulated by the US Securities and Exchange Commission (SEC).
Only one in five respondents say that their organization requires compliance with the two most prominent data sanitization standards for old kit: NIST SP 800-88 Rev 1 (21 percent) and IEEE 2883 (19 percent), both of which support media reuse after proper sanitization. Low adoption of these standards creates unnecessary risk, added cost, and waste in the financial services sector as devices are needlessly destroyed.
Although 86 percent say their organizations have deployed some form of AI, around a quarter say AI adoption makes it more difficult to achieve regulatory compliance and nearly 30 percent report increased collection of redundant, obsolete and trivial (ROT) data.
You can get the full report from the Blancco site.
Image credit: zimmytws/depositphotos.com