A-Team Insight Blogs

Data Breaches Up 480% in 2018, but is GDPR Compliance the Answer?

Share article

Rob Perry, Vice-President of Product Marketing at ASG Technologies

The number of data breaches reported by UK financial services firms to the Financial Conduct Authority (FCA) increased by 480% in 2018, up to 145 up from just 25 in 2017. Is this solely down to the new GDPR regime, or are there a wider problems at play – and how can firms leverage new tech solutions ensure that they are both protected and protecting their customers?

The data, based on research released last week by RPC, a London-based professional services firm, showed that wholesale financial markets firms such as investment banks reported the most data breaches, with 34 reports – up from just three the previous year.

“Cyber criminals could be targeting investment banks in the belief that their security systems are less sophisticated than retail banks,” suggests Richard Breavington, Partner at RPC and Head of its Cyber Insurance and Breach Response team. “Confidential data held by investment banks on areas such as M&A can be used for insider trading. [For example], in the US the SEC is pursuing a number of insider dealing cases that relate to cyber breaches.”

While the increase looks worrying at first glance, it could equally be due to a positive development – an improvement in the identification and reporting of cyber-attacks. June 2018, the first month following the introduction of the General Data Protection Regulation (GDPR), saw the highest monthly total of data breach reports, suggesting that a more avid attitude towards compliance could also be contributing to the figures.

“The increase in reports does show that the financial services industry is now taking cyber security more seriously than ever,” says Breavington. “The financial and reputational fallout from a data breach can be serious for a business of any size. They must be ready to defend against – and respond to – breaches as efficiently as possible.”

“Attacks are increasing – that’s a given,” agrees Rob Perry, Vice-President of Product Marketing at ASG Technologies, which provides GDPR compliance solutions. “But there is also an increased awareness around the need for regulatory reporting – even in the US, where there is currently no strict requirement to report within a specific timeframe. Organisations are realising that they can’t hide anymore.”

In fact, in a 2018 survey of 200 CIOs, 49% told ASG that all or mostly all their data management focus was on regulatory compliance, while 35% had plans to invest more into data governance in 2019 – suggesting that firms really are starting to take the situation seriously.

For organizations to comply with privacy requirements, they must be able to identify all the personal data being used. And as more breaches are reported and awareness continues to increase, organisations must be ever more vigilant – in terms of knowing what data they have, what data they have the right to use, and what data they have a duty to delete. The use of data intelligence products can help firms to manage these requirements and keep their houses clean. But has GDPR really changed the way they operate yet?

“There was a big build up to May 25, 2018 – but clearly, the world was not compliant from Day One,” admits Perry. “That process is continuing, but we are finally starting to see some action as companies eventually push through new procedures and implement new disclosures. We are still seeing a lot of activity from firms looking to implement GDPR compliance programs – but it’s a journey, not a destination.”

Solutions have evolved since the regulation was first launched, however, and new approaches are changing the way firms handle their data, and how they report it. For example, we are now seeing a shift away from structured data towards the management and classification of unstructured data – for example, using machine learning and automation to match patterns and translate traditional content repositories into a more useful format.

“We are at the very beginning of enforcement, but I think the regulators are serious and they will bring actions in order to raise awareness,” warns Perry. “GDPR compliance is a prime focus for growth, and the wider world of expanding privacy regulations – especially in the US – is going to act as a catalyst for ever more innovative solutions, as the reality around enforcement starts to kick in.”

Leave a comment

Your email address will not be published. Required fields are marked *

*

Related content

WEBINAR

Upcoming Webinar: FRTB: The time to get your data in order is now

Date: 12 September 2019 Time: 10:00am ET / 3:00pm London / 4:00pm CET. Fundamental Review of the Trading Book (FRTB) regulation requires firms within its scope to source significant amounts of data, some of which has not previously been required and is difficult to pin down. The data management challenges of the regulation’s Internal Model...

BLOG

DoubleEdge Partners with Insightful Technology to Tackle Data Compliance Challenges

Following the recent relaunch of its flagship Software-as-a-Service (SaaS) solution Soteria in April, Insightful Technology today announced a new venture with longstanding partners DoubleEdge, specialists in communications compliance, to tackle issues around the consolidation of data, vendor and technology silos for effective data compliance, surveillance and risk mitigation. “To date, financial firms have coped with...

EVENT

Breakfast Briefing: Meeting the Data Requirements of FRTB London

The Fundamental Review of the Trading Book (FRTB) Breakfast Briefing, will examine how the capital markets industry is approaching FRTB data management and will look at the implications for the ways that firms source, manage and store data for FRTB compliance.

GUIDE

RegTech Suppliers Guide 2019

Welcome to our brand new RegTech Suppliers Guide. This unique guide provides detailed data profiles on close to 100 suppliers in the RegTech world, offering you an unrivalled selection of solutions for your most pressing financial regulatory challenges. The aim of the A-Team’s RegTech Suppliers Guide is to steer you through this complex marketplace, offering...