Do you trust your bank?

Do you trust your bank?

Even Facebook, often perceived as being fairly cavalier with its users’ personal data, is rolling out new security.

They probably needed to do this. Research from the Huffington Post last year showed that only 3% of US adults have “a lot” of trust in Facebook while  62% trust Facebook “nor very much” or “not at all”.

Consumers may be right to be suspicious of the way that Facebook looks after their data. But while Facebook has apparently been hacked, this suspicion is probably more due to the way they use data, and not because they have a tendency to lose it.

Facebook holds huge amounts of personal data. And so do banks. But while people worry about Facebook they are oddly sanguine about their bank. In fact according to recent research from Capgemini trust levels for UK banks are at 83%, compared with 28% for ecommerce firms and just 12% for telcos.

The trust gap

That’s good news for the banks. In fact, while only 3% of adults think their own bank has been hacked, some 26% of banks have reported a breach – indicating a massive difference between what consumers think and reality. This high level of trust may at least in part be because banks are failing to tell consumers that they have been breached.

But will this trust last? It is significant that the gap between reality and perception is lowest in the USA where mandatory breach reporting requirements are far higher than they are in Europe or countries like India.

This is set to change, in Europe at least. The GDPR, due to come into play in May 2018, requires reporting of breaches to consumers where significant damage to consumers has occurred (or is likely to occur) as a result of a breach. This is different from the current requirements under the Data Protection Act which does not contain a requirement to notify consumers.

Of course if the breach goes undetected, then it can’t be reported! And the Capgemini research indicated that only 21% of banks were confident they were highly likely to detect a breach. This is worrying. Not just because detecting a breach is important. But because a failure to detect breaches may well indicate a failure in other areas of data security.

It hardly comes as a surprise that just under a third (31%) of UK banks and insurers take between three months and a year to patch and manage vulnerabilities on critical systems. And fewer than half of them (45%) have fully automated cyber threat intelligence processes.

As consumers we can only hope that GDPR acts as a wake up call to banks, prodding them into greater and more effective efforts to protect our data.  And if it doesn’t, well then banks need to reflect that fully 80% of UK consumers say they are likely to switch banks and insurers in case of a data breach.

Copyright Lyonsdown Limited 2021

Top Articles

Australian energy giant CS Energy suffers a ransomware attack

Australian energy company CS Energy suffered a ransomware attack on November 27 that targeted its corporate network.

Misconfiguration of a management user interface (UI) tool leads to exposure of mission-critical data

Kafdrop, a popular open-source Apache Kafka user and management interface had configuration flaws that provided criminals with access to event-streaming platform Apache Kafka used by more than 60 per cent…

ICO serves £500,000 fine to the Cabinet Office for New Year Honours data breach

The ICO has fined the Cabinet Office £500,000 for failing to prevent the leak of postal addresses of over 1,000 people who were among the 2020 New Year Honours recipients.

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]