

By Jon Cano-Lopez, Chief Executive, REaD Group


It seems we can’t go a week without hearing of another high-profile data breach, news that understandably incites panic among businesses big and small. From the NHS to WPP, the list of organisations to fall victim to a security breach is both long and diverse. But these organisations have one thing in common: they have all faced devastating repercussions as a result of a breach.

With much discussion around cyber security, the UK government’s recent Cyber Governance Health Check Report is truly shocking. It focuses on FTSE 350 companies and highlights an urgent need for action. As businesses increasingly turn to digital formats to store their information, hackers are simultaneously devising more sophisticated means of gaining access. As a consequence, the likelihood of a data breach is growing. However, the report found that only 54 per cent of board members view cyber security as a top risk facing their company, implying that many are putting themselves in a vulnerable position.

Why prepare?

There are many reasons why it’s important to protect your business from the growing threat of a cyber attack. For the financial sector, recovering from a data breach can be particularly expensive. In addition to compensating customers, fines can be crippling. These figures are set to rise next year, when the EU General Data Protection Regulation (GDPR) comes into force.

The GDPR is widely accepted to be the biggest shake-up in data regulation of recent decades and replaces the Data Protection Act, which was introduced in 1998, before cyber security was such an issue. The regulation applies to any business in possession of European data, meaning it is likely to affect financial organisations operating around the world. With fines of up to €20 million or four per cent of annual turnover, businesses need to take this seriously.

A key focus of GDPR is data security. The rules clearly state that organisations should store information in a format that protects it against “unauthorised or unlawful processing and against accidental loss, destruction or damage”. If companies suspect their data has been illegally accessed, they will have 72 hours to report it and inform their customers. While the new laws should assure consumers, these preparations should also reduce the likelihood of a breach, making it more difficult for third parties to hack into personal records.

Aside from financial repercussions, the reputational damage associated with a data breach can be equally difficult to recover from. Customers trust banks to store sensitive information in a responsible manner. If this trust is broken, financial organisations risk losing both new and existing customers. REaD Group recently commissioned research into consumer trust, which asked people which sector they most trust with their personal data. The financial sector came out on top, with 44% of people saying they still trust banks with their information.

How to protect your data

A good start to ensuring your data is secure is by becoming GDPR compliant. Meeting its conditions will have an ancillary effect of showing up insecure systems. But, according to the government report, only six per cent of board members would describe themselves as prepared for GDPR, despite the regulation coming into force in less than ten months’ time, showing that urgent action is needed.

Carrying out a ‘data health check’ will allow financial companies to understand what their information estate looks like. It is essential that they are clear on the information they have, how it was obtained, how it’s processed and where it’s stored. All data should be able to show a full audit trail. Even honest mistakes could be extremely costly once GDPR is implemented.

The regulation clearly states that data controllers must have a lawful basis for processing personal data, including consent and legitimate interest. Due to the nature of their work, financial organisations often need a vast amount of personal data to operate. Banks need to communicate clearly with their customers to ensure they understand exactly what information is being shared. Hiding consent in the small print and confusing wording was a popular tactic in the past, but GDPR clearly indicates that this is no longer acceptable.

Ultimately, the financial industry needs to prove to consumers that it can be trusted with large quantities of personal information. In doing so, it will also make it more difficult for this information to be illegally accessed.

Unfortunately, there is no quick fix for cyber security issues but this should not discourage businesses from making the effort. The financial sector is an obvious target for hackers, with more personal data than many other sectors. The risk of financial and reputational damage is simply too significant not to take the issue seriously. The latest report from the government should act as a wake-up call; the financial sector needs to act swiftly before May 2017, when GDPR comes into force.