Just 1 In 5 Banks, Insurers Confident They Detect Breaches – New Study Shows

New Capgemini research shows that only one in five banks and insurers are confident they could adequately detect a cybersecurity breach. Capgemini’s release states:  Banks and insurers enjoy a significantly higher level of trust from consumers in the cybersecurity of their systems (83%) than any other sector (with e-commerce firms at 28% and both telcos and retailers at 13%). However, the financial services industry doesn’t share the same sentiment. Just one in five banking executives (21%) are highly confident in their ability to detect a breach, let alone defend against it. IT security experts from VASCO Data Security and CipherCloud commented below.

John Gunn, VP of Communications at VASCO Data Security:

“Consumer confidence in their banks is truly well justified. Banks spend far more on security than any other industry segment. The largest losses at banks are not from breaches but from account takeover, transaction tampering, and call-center and ATM fraud that is the result of phishing attacks, social engineering, and malware. New security measures that include biometric and behavioral authentication, and real-time risk analysis to identify fraud are proving increasingly effective at stopping these types of attacks, and consumers are universally made whole by their banks anyway.

The idea that the adoption of GDPR will result in the prompt disclosure of data breaches is a fallacy. It took Yahoo years to discover that they had been breached. At that point, what difference does 3 days or 3 months make in disclosure.”

David Berman, Director of Product Management at CipherCloud:

“This gap in confidence around breach detection highlights the need for data-centric approaches like encryption and tokenization to mitigate the worst outcomes of a breach even if the organization fails to detect an intruder, and to ensure that stolen data is useless to attackers. Data-centric approaches like persistent encryption also enforce protection on mobile endpoints, a critical requirement now that threats have a much larger attack surface to target with cloud applications.”