InfoWatch Research Center presents its first bi-annual report on Data Leaks in the Financial Services Sector: January – June 2012. In the first half of 2012, over 2 million records were compromised, containing both financial data and personal data of clients and employees. Financial service providers suffered over 2 billion USD in direct losses during the same period.
The InfoWatch Research Center has been collecting information about data leaks since 2006. Its database contains data on all publicly reported incidents of malicious or negligent actions that led to data leaks in various financial institutions.
Despite a drop in leaks affecting enterprises relative to the overall number of data leaks, the percentage of breaches in the financial services industry remains stable – 5-7%. Up to 60% of the leaks studied affected financial information and only 8% of the data leaked by banks is personal information. Thus the financial services sector occupies a unique niche in terms of IT security. In other sectors, personal information makes up 87.8% of data leaked.
The distinctiveness of the financial sector against the overall picture becomes evident when looking at data leakage channels and the share of intentional leaks. The financial services industry suffers more from malicious breaches than other segments – 37% and 20% respectively. Interestingly enough, 41.7% of the leaks in the financial services segment occur via backup copies of data versus email, the Internet and portable data devices.
“Banks have succeeded in combating the leaks through ‘traditional’ channels – e-mail and web – mainly with the help of technical security solutions. On the other hand, the high percentage of intentional leaks shows that channel control is insufficient. It is necessary to understand where and how corporate data is travelling and stored, and the level of its confidentiality. Unfortunately, inexpensive mass solutions are inapplicable here in the vast majority of cases”, says Alexander Zarovsky, Head of international business development, InfoWatch.
According to InfoWatch analysts, most direct losses of financial organizations are caused by negligent actions by employees, not fraud, since existing technological safeguards have achieved a certain level of effectiveness. Negligence includes improper disposal of paper documents, incorrectly designed and deployed security policies, negligent storage of backup data and so forth. As a result, regulators are pursuing offenders and fining banks for non-compliance with existing legislation.