Data Security in Financial Services

There is currently a paradox facing financial services providers as the technological and social revolution demands a new approach to customer service that utilises new tools in an ever more customer friendly manner. However, increasing cyber-crime has resulted in new waves of regulation that ostensibly threaten the ability of firms to roll out such consumer facing processes and tools. Those firms that reap the greatest rewards from the ever evolving technology options are those that successfully maintain the balance between these two opposing forces of access and security.
Traditionally, security has focussed on preventing unauthorised access to information but the nature of threats has developed to a point where prevention alone is not sufficient. The average breach inside major companies remains undetected for 229 days and only twenty one percent of attacks are discovered on the same day they are launched. The nature of security breaches has matured, often faster than the traditional prevention solutions: therefore, security must now also evolve to ensure that detection and response mechanisms are in place across an organisation with every member of staff becoming a key part of this detection and response mechanism.
This level of organisational change needed will see several players move outside their comfort zones.
New partnerships, internal processes and an acceptance that prevention alone cannot suffice as a cyber-security strategy, are prerequisites for some of the changes, whilst agility and rapid response need to be introduced into this new approach.
Financial Services firms must prioritise their investments of time and money and accept that their security strategy will no longer be about identifying threats and preventing them, but will be about defining areas of risk and developing mitigation strategies to match these.
Whilst many of the trends described in this paper are already visible, the coming decade is likely to be more disruptive. Financial services providers need to overcome the general industry levels of conservatism – both organisationally and technologically – if they are to adapt to the new world and the demands it places on security policies.
To read the full report, please download the PDF version using the button above.