The News General DM News Outsourcing data is one of main causes of data breaches at banks shows Ponemon/Compuware research
08 March 2010
The outsourcing of data to vendors and other third parties is one of the main causes of data breaches at financial institutions, reveals research completed by the Ponemon Institute on behalf of data management firm Compuware.
The outsourcing of data management and other business processing tasks by the banks has proved to be a controversial move, particularly in light of reported data breaches when the data has gone abroad.
According to the Ponemon survey of senior staff with security responsibilities at 80 multinational financial services firms, negligent insiders were the main reason for data breaches, cited by 75%. The second most common cause though is the outsourcing of data to vendors and other third parties, reported by 42%. This was followed by malicious insiders at 26%.
Ponemon says there are six primary areas of vulnerability to privacy and data security for the financial services industry. These are the risk of a data breach, diminishment of customer loyalty and trust, malicious or negligent insiders, risk of outsourcing confidential data to third parties, regulatory non-compliance, and ineffective privacy and information governance.
The study, Privacy & Data Protection Practices: a Benchmark Study of the Financial Services Industry, found that 83% of financial service companies surveyed used real customer and other commercial data in the development and testing of applications. And a majority of these organisations do not take appropriates steps to protect this confidential and sensitive information.
In addition to this area of vulnerability, the Ponemon study found other commonly overlooked areas of risk to data security, including:
- Identity compliance procedures - used by only 56% of companies surveyed
- Intrusion detection systems - used by only 47%
- Data loss prevention technology - used by only 41%
The report also found that whilst 60% of organisations have a chief privacy officer, 50% of them report that they have insufficient resources to accomplish their goals and objectives.
"One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study," said Larry Ponemon, founder of the Ponemon Institute.
