Every candidate, employee and stakeholder – whatever the size of their organisation – needs to have a thorough understanding of data protection legislation and compliance.
This has become apparent following the uproar earlier this year surrounding the so-called ‘Panama Papers’, which showed how easy it is for supposedly confidential data to leak into the public domain – and how difficult it is to protect it.
However, confidentiality is the cornerstone of firms in the financial services sector, and data protection is the responsibility of everyone working in it.
Cybersecurity and data protection: public issue #1
The WikiLeaks US diplomatic cables case and the Snowden revelations had already shown how vulnerable institutions, corporates and individuals are to data breaches. The data leak from Panama offshore law firm Mossack Fonseca was reportedly the biggest in history, with 11.5 million documents falling into the public domain in an instant.
The World Economic Forum identified cyber threats among the key risks to the world’s stability in its Global Risk Report and says they could cost the global economy up to US$3 trillion. Meanwhile, according to PwC’s Global State of Security Survey 2016, cyber-attacks on businesses, institutions and individuals increased 38% last year compared to 2014. Complacency can be costly in terms of both financial and reputational damage.
Data breaches: mistake – or malice?
According to a 2014 report by encryption services provider Egress Software Technologies, 93% of data breaches were due to human error, poor processes or lack of care when handling data. Egress notes that in the private sector, financial services were among the worst affected. “The financial industry was one of the hardest hit, with an increase of 200% in insurance, 44% seen for lenders and 200% for both financial advisors and pension providers,” its report says.
The SANS Institute, a cooperative research and education organisation and the world’s largest provider of cyber security training and certification to governments and commercial institutions, says that financial services organisations are most frequently breached by those with insider access.
Nearly half of the respondents (46%) to its second annual survey on the security of the financial services sector cited abuse or misuse by internal employees or contractors as the most prevalent cause of breaches, while 42% cited successful spearphishing attacks.
The problem is likely to get worse as the workforce rapidly adopts Bring-Your-Own-Device (BYOD), the Internet of Things (IoT) and office-based cloud applications, creating even more vulnerabilities in an organisation’s IT security system.
Data protection law: a work in progress
Thorough education and training of the workforce is key. However, the legal framework is inconsistent across the world. DLA Piper describes data protection laws in Europe and North America as ‘Heavy’, rates Australia and Japan as ‘Robust’ and most of Asia as ‘Limited’. In the United States, privacy legislation tends to be adopted on an ad hoc basis, while only the EU has established clear guidelines on data protection law, through the General Data Protection Regulation (GDPR), which comes into force in 2018, and the Cybercrime Directive.
Data protection is a relatively new concern and a great deal needs to be done to protect personal or confidential information. Nevertheless, candidates for jobs in the financial services sector will be expected to display full awareness of data security and understand the consequences of their actions in a digital age.