Data losses at financial services firms is mostly down to negligence and human error, according to new research by The Ponemon Institute. 

 

According to a survey of senior staff with security responsibilities at 80 multinational financial services firms, insiders are cited by 75% of respondents as the main reason for data breaches, followed by outsourcing to  third parties, cited by 42% Malicious intent by insiders comes third, cited by 26% of those polled. 

 

The report also found that while 60% of organisations have a chief privacy officer, 50% of them report that they have insufficient resources. Only 56% of respondents have identity compliance procedures in place, while only 47% have intrusion detection systems. Data loss protection technology is used by only 41% while 88% still use social security numbers as a primary identifier.

 

The Ponemon Institute says the six primary areas of vulnerability for the financial services industry are: 

Larry Ponemon of the Ponemon Institute commented: "One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study. While there is a great deal of progress being made, there is still a long way to go."

 

The study - Privacy & Data Protection Practices: a Benchmark Study of the Financial Services Industry - was compiled from interviews with chief information security officers, chief security officers, chief privacy officers or executives with equivalent responsibilities from 80 multinational financial services organisations.  

 

The sutdy was carried out on behalf of security specialist Compuware.  "Safeguarding customer data is the best approach for financial services and other organizations to retain valuable customers, protect the company's reputation, and avoid negative regulatory impacts," said Rose Rowe, Compuware Vice President, Mainframe Strategy.