A loss of confidential client information can be costly for any company, but it can be particularly damaging for the financial services industry, according to a recent study by Mountain View, Calif.-based Symantec Corp. and the Ponemon Institute LLC in Traverse City, Mich.
The study, called the 2013 Cost of Data Breach Study, found that on average the loss of confidential data cost U.S. companies, both directly and indirectly, US$188 per record. The study defines a record as “information that identifies the natural person (individual) whose information has been compromised in a data breach.” That number jumps to US$254 when looking specifically at the financial services industry, including banks, insurance companies, investment managers and payment processors.
This higher price tag for financial services companies is unsurprising to Larry Ponemon, chairman and founder of the Ponemon Institute, given the standards placed on the industry.
“Companies that have regulated data — financial services and health care and other industries — are more susceptible to a costly data breach because of regulatory requirements,” says Ponemon.
As well, according to study results, the financial services sector has a higher percentage of client turnover in the event of a data breach. In this case, the higher “churn” rate, as the study refers to it, is caused by high consumer expectations that a financial institution will have better safeguards against loss or theft than a retail company.
“People just have an expectation that their bank or an investment management company or insurance company are going to do a better job,” says Ponemon. “So, there’s more disappointment, if you will, on the part of the customer.”
Data breaches typically occur in a company, regardless of sector, in one of three ways: criminal activity, such as hackers; human negligence, such as the loss of a mobile device; and technology glitches. According to study results, 41% of security incidents were related to criminal activity, followed by 33% for human error and 26% for technology.
As well, criminal attacks on confidential data often lead to a higher cost for companies, the report suggests. For example, a data breach caused by criminal activity results in a cost of US$277 per record, according to the study, compared with US$174 for technology glitches and US$159 for human error.
There are several steps financial services companies can take to help keep their clients’ information safe, says Linda Park, senior product marketing manager, Symantec, including the following: implement security technology that monitors corporate systems for criminal activity; encrypt all electronic devices; and use strong identification procedures to monitor who is accessing corporate systems and applications.
Companies should also have an incident response plan in place that can be easily enacted should a data breach occur, says Park. A response plan includes engaging a third-party security firm to do a forensic analysis, says Park, as well as going through customer databases to identify clients who need to be notified of the breach.
The study, now in its eighth year, is sponsored by Symantec and conducted by the Ponemon Institute. Results are compiled from 54 companies across 14 different industries. Studies were also conducted in the following eight countries: Germany, Australia, the United Kingdom, France, India, Brazil, Japan and Italy.