However, security professionals within the financial services industry do not share the same sentiment: just one in five banking executives (21%) are highly confident in their ability to detect a breach, let alone defend against it.
The survey covered 7,600 consumers and over 180 senior data privacy and security professionals from banking and insurance firms in eight countries (France, Germany, India, the Netherlands, Spain, Sweden, United Kingdom and United States).
Despite the importance they attach to the security and handling of sensitive financial data, consumers appear to instinctively trust banks and insurers without strong reason. The majority of consumers view trust in data privacy and security as an extremely significant factor when choosing their bank (65%).
The General Data Protection Regulation (GDPR), European legislation due to come into effect in May 2018, will force organizations to disclose data breaches within 72 hours or face large penalties. While compliance will be essential and is just over a year away, among executives surveyed only a third (32%) described their organization as having made strong progress in implementing the draft guidelines.
Though many instinctively trust their banks and insurers with their data, once this trust is broken they are likely to act. Three quarters of consumers (74%) would switch their provider in the event of a data breach. Among those who would remain with their bank or insurer if their information were compromised, over a quarter say they would be cautious about further investments.
Commenting on the results of the study, John Gunn, VASCO Data Security, said: “Consumer confidence in their banks is truly well justified. Banks spend far more on security than any other industry segment. The largest losses at banks are not from breaches but from account takeover, transaction tampering, and call-centre and ATM fraud that is the result of phishing attacks, social engineering, and malware. New security measures that include biometric and behavioural authentication, and real-time risk analysis to identify fraud are proving increasingly effective at stopping these types of attacks, and consumers are universally made whole by their banks anyway.
“The idea that the adoption of GDPR will result in the prompt disclosure of data breaches is a fallacy. It took Yahoo years to discover that they had been breached. At that point, what difference does 3 days or 3 months make in disclosure?”