Insights & Analyses

Just 21% of financial institutions confident they could detect a data breach, survey finds

April 6, 2017

Though banks are gatekeepers of important personal and financial information, officials from nearly 80 percent of financial institutions said they are less than “highly confident” about their ability to identify a data breach when it happens.

The statistic comes from a recent survey conducted by Capgemini Consulting, which polled 183 senior security and privacy professionals from global banking and insurance organizations.

The survey also found that 49 percent of institutions take between 3 months to a year to patch and manage vulnerabilities on critical systems. And only 40 percent of organizations said they have fully-automated cyber threat intelligence processes.

Regarding data privacy, Capgemini found that 78 percent of banks and insurance organizations retain customer data even after the person is no longer a customer. Among those, 62 percent said they retain it for as long as 10 years after the customer has left.

The survey highlights potential identity-related security issues in the established financial world.

And yet despite this, customers continue to have faith in their financial institutions. Capgemini also polled 7,600 consumers, and just 3 percent of them said their bank or insurer had been subjected to a cyberattack or data breach in the last 12 months — far out of line with the 26 percent of institutions who said they had fallen victim.

This “perception gap” between consumer beliefs and reality varies wildly around the world. For example, in the U.S., consumers are more aware of data breaches, whereas in Spain, France and India the expectations fall well short of reality.

In all, despite apparent security shortcomings, a whopping 83 percent of consumers indicated they consider banks and insurers to be trustworthy. Even when sorted for generations, 78 percent of millennials expressed faith in established financial institutions.

Interested in learning more? Join us at the K(NO)W Identity Conference May 15-17 in Washington D.C. for a panel on the risks and security associated with cloud identity management.