'Just 1 in 5 bank exec confident about detecting a breach'

Banks and insurers globally as well as in India need to make consumer data more secure as just one in five banking executive is highly confident about the ability to detect a breach, let alone defend it, says a Capgemini report.

Capgemini's Digital Transformation Institute's survey of 7,600 consumers in France, Germany, India, the Netherlands, Spain, Sweden, the United Kingdom and the United States, found that just 21 per cent of banking executives were highly confident about detecting a breach.

Interestingly, banks and insurers enjoy a significantly higher level of trust from consumers in the cybersecurity of their systems (83 per cent) than any other sector, while for e-commerce firms it stands at 28 per cent and for both telcos and retailers it is 13 per cent.

"Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief (that) their provider can be 100 per cent secure," said Mike Turner, Global Cybersecurity Chief Operating Officer at Capgemini.

Regarding India, the report said that "lack of consumer awareness can be partly explained by the fact that the concept of data privacy and protection is at a very nascent stage and no guidelines on reporting of data breaches exist".

Though many instinctively trust their banks and insurers with their data, once this trust is broken they are likely to act. As per the survey, around 78 per cent of consumers in India would switch bank in case of a data breach.

Even as financial institutions, particularly banks, are spending a staggering amount of money securing their systems, the number and frequency of data breaches is still rising.

"The evolving nature of the threat and lack of clarity among leaders perhaps explains why, despite high levels of investment, 71 per cent of organisations do not have a balanced security strategy nor strong data privacy practices," the report said.

It noted that the upcoming General Data Protection Regulation (GDPR) is expected to spur action, greater transparency with consumers.

The GDPR, European legislation due to come into effect in May 2018, will force organisations to disclose data breaches within 72 hours or face large penalties. Though an EU law, the regulation will apply to companies (whether EU based nor not) that process personal data of European citizens, and is expected to affect banks and insurers in the US, the UK and Asia. "When GDPR is introduced and all breaches are likely to be made public soon after they occur, many people will be in for a surprise," said Zhiwei Jiang, Global Head of Financial Services, Insights and Data at Capgemini.