January 9, 2009

Banks falling behind on data security

Half of the PwC survey respondents admit that their privacy strategy is not linked with compliance plans

By Jason Stamper

Financial services firms are not doing enough to securely manage and store sensitive customer data records, and are in danger of falling behind legal requirements on how they handle and protect sensitive information.

More than half of financial services firms apparently do not have an accurate map of how customer and sensitive internal data is collected or transmitted, or where it is stored in their operation. Almost as many concede that they do not require third-party service providers to comply with their company’s privacy policies.

The damning statistics have come out of a global study by auditors PwC in 2008, during which it quizzed more than 7,000 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 119 countries. This included more than 650 financial services executives.

The survey has identified some common gaps in the way that businesses in the financial services sector manage their security regimes. Half the sector respondents gauged that their firm does not integrate its privacy strategy with its compliance plans, while virtually two-thirds suspect their information security and physical security departments do not report to the same executive.

“Financial services firms have been leaders in privacy and security, but their policies and capabilities are being outstripped by changes in technology and business practices,” said Sergio Pedro, managing director, PricewaterhouseCoopers. They should re-examine their security networks to help ensure compliance with privacy and data-protection regulations.

Some progress has been made over the last year, with PwC noting that “across industries, countries and regions, business models and company sizes, respondents report double-digit advances in implementing new security technologies across virtually every security domain, from prevention to detection.”

Respondents working in the financial services sector reported gains in the deployment of systems such as malicious code detection tools (around 84% from 67% in 2007), content filtering (up to 80% from 62% in the year-ago period), and wireless handheld device security (50% against 38% for 2007).

Although both business and security priorities vary widely, this year’s responses reveal that, in general, there are several clear and promising opportunities to safeguard sensitive information.

These are concentrated in five areas, PwC has concluded: improving privacy protections; getting better control over access; strengthening the security that enables sourcing, alliances, and other collaborative networks; using people and process to take full advantage of data loss prevention (DLP) technologies; and taking a risk-based approach to compliance with regulations and standards ranging from Sarbanes-Oxley and the European Union Data Protection Directive to the global payment card industry’s (PCI) data security standards.
