2024-04-24

Alasdair Anderson of Protegrity discusses how FS companies can protect data

There is no shortage of news headlines about companies falling victim to cyber breaches and the astounding costs associated with them. According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45m, a 15% increase since 2020. For the financial services industry, the cost is even higher at $5.9m per breach, 28% above the global average.

In addition to the higher price tag associated with a cyber breach, companies within the financial industry must also adhere to evolving compliance regulations that dictate how they respond to an attack and where they must invest to reduce the total risk.

The financial industry is an attractive target for attacks. This is evident in the fact that UK-based financial services firms reported a more than threefold increase in the number of cybersecurity breaches to the Information Commissioner's Office (ICO) in the 12 months to June 2023. While cyberattacks are on the rise, there are several measures that financial organisations can take to help safeguard sensitive data and achieve compliance in the event of a cyber breach.

Protect the data first

Should a financial business fall victim to a cyber-attack, attackers would have access to millions of transaction and client records. To safeguard these records, the company should prioritise a data-centric, zero-trust security posture with fine-grained data protection. With many enterprises today having users and partners working from anywhere, stringent controls need to be in place to minimise the opportunity for potential threat actors and malicious insiders to access and exploit an organisation’s sensitive data.

In addition to this, financial organisations stand to benefit from treating all sensitive data the same as critical payment data (PCI-DSS). In adopting this security standard, companies will meet the 12 fundamental criteria that make it more difficult for bad actors to acquire critical data. It is an effective measure against fraud and misuse.

Achieve cross-border compliance

Data compliance is a key component of doing business today, particularly for the financial industry. However, different regions have different regulations in place and these often change, making it a challenge to stay abreast of the latest requirements, particularly if a company is working across borders.

To help overcome this, companies should consider investing in a security platform that can centralise administration and standardise data protection enforcement policies across state and country borders and across data environments.

Get board-level involvement

Just as regulatory compliance is an ongoing process that requires collaboration across your organisation, from senior leadership down, so too is cybersecurity, with strong executive support leading to better cyber defences.

Traditionally the board takes a long-term approach to the business, looking beyond the day-to-day requirements. This approach should also be applied to cybersecurity, with the board taking ownership, assigning responsibility for cybersecurity to a trusted senior executive, and driving the topic top-down through the organisation. This top-down approach will drive a cultural shift in cybersecurity across the organisation.

Elevate and empower cybersecurity departments

Security Operations (SecOps) is a highly skilled team that has been tasked with safeguarding the organisation’s assets and protecting the customer’s data. However, organisations are facing an increasingly sophisticated threat landscape and SecOps is becoming increasingly complex. To help overcome some of these complexities and challenges, SecOps must be empowered with the tools and talent to mitigate and respond to data breaches more effectively.

Spend smarter, not harder

To minimise potential cyber risks and protect the business, companies are spending vast amounts on cybersecurity. While the investment in cybersecurity is necessary, to stay a step ahead companies need to invest strategically in end-to-end data protection that safeguards the ‘crown jewel’ often targeted by cybercriminals, as these criminals will continue to find new and savvier ways to get through the perimeter to access this data.

Enable privacy-empowered data sharing

To innovate and grow the business and its revenues, it is often necessary to share data across departments, business units, partners or suppliers in different cities or even on different continents. In protecting their data, companies must not overlook this data in motion, also known as data in transit, which is the transmission of digital information from one location to another. This data can include data transfers between devices, data sent across the Internet, and data sent to virtual private networks (VPNs).

With data in motion often transmitted over the internet, which requires the data to leave the secure confines of a network perimeter, it needs to be secured through encryption to prevent it from being viewed or changed. However, de-identifying data with pseudonymisation and anonymisation adds a further layer of protection to keep data secure wherever it travels.

Protecting the data of a financial organisation must be a key priority for the business. Not only do customers expect this, but there could also be significant regulatory implications of not adhering to data protection legislation. Achieving this is a complex process. It requires investment in the right technologies and tools that can protect data and empower IT departments to mitigate potential data breaches, and it requires senior leadership to drive a cultural shift throughout the organisation in which everyone works towards keeping data secure and minimising potential risks. Those risks not only have regulatory implications but, importantly, could impact customer and employee trust and the overall reputation of the business.

Alasdair Anderson is VP EMEA at Protegrity