Securing Financial Services Data
When it comes to high-profile data breaches, the financial services sector has been the victim of more than its fair share. From the Heartland breach in 2009 that saw the card details of 130 million customers compromised to the Equifax breach of 2017 that saw 143 million customer records exposed.
The global appetite for cyber-crime shows no signs of abating. In the first half of 2017 alone, 1.9 billion data records were lost or stolen. (Gemalto Breach Level Index) That’s more than 10.5 million records a day. This data comes at a heavy price. The average cost of a data breach was $3.6 million in 2017 (Ponemon Institute 2017), the equivalent of $141 per record. However, some industries are hit harder than others.
It’s important to view financial data breaches in the broader context of the industry. Every IT department, regardless of industry, has had the mantra of “more for less” drilled into them for the last five years. This can be challenging at the best of times. For financial services businesses, facing competition from non-traditional market players and living with more regulation than most, it is even more difficult.
Confidentiality has always been a key component of the financial services sector. Beyond the implied duty of care and the explicit legal compliance obligations, a bank’s approach to cyber security can have a significant impact on its risk profile.
1.9 billion records lost or stolen in the first half of 2017
Source: Gemalto Breach Level Index
Large corporations and wealthy private investors have always put a lot of stock in the confidentiality and risk management approach of financial institutions. In the digital era, this has moved beyond a simple matter of discretion to a more complex, cyber-security status.
The implications of a breach extend well beyond simple business continuity. They include: the potential loss of intellectual property, a breach of compliance obligations, punitive financial penalties, remediation costs, a loss of brand equity, trust and customer loyalty.
Data protection strategies are based on two core principles. Prevent and protect. The likelihood of a breach has almost been reduced to an inevitability. Given that prevention has proved to be ineffective, perhaps salvation can be found in protection. If the network itself is not secure, make sure the data is.
The average cost of a data breach in 2017
Source: Phonemon Institute
The adoption of data encryption is on the rise, particularly within the financial services sector. Mandated within many compliance regulations, data encryption is acknowledged best-practice and can help protect data in the long-term, post-quantum computing era.
According to the Ponemon Institute the use of data encryption is the second most important factor when it comes to reducing the cost of a data breach (the first being an effective incident response team). Saving an average of $385k per breach.
The banking and financial services sector is becoming increasingly digital, with the majority of transactions taking place electronically and the evolution of mobile banking, contactless payments and crypto-currencies impacting not just how we pay, but what we pay with.
Technology is set to impact the industry further in the form of quantum computing. The development of a computer capable of undertaking complex calculations millions of times faster than today’s super computers has obvious advantages. More power means improvements in high-frequency trading, complex macro-economic modelling and fraud detection.
However, it also threatens the status-quo of public key cryptographic primitives. The Elliptic Curve RSA algorithms used the secure confidential information today will be broken in years to come.
However, that doesn’t mean you should wait until quantum computers become commercially available to develop a quantum-safe security strategy. Data stolen today can be stored until the computing resource comes available and hacked at a later date.
The long-term viability of much of today’s data means that if the financial services sector is to stay ahead of the cyber-criminals, it needs to be planning and implementing quantum-safe cryptography now.
Discover more about quantum-safe cryptography here.