Penalties for data breaches are more worrying than reputation damage, according to survey

Financial services firms are more worried about regulatory penalties than damage to reputation if they lose information, according to a new survey.

Seventy-two percent of the 29 UK financial services respondents polled in the research were most concerned with regulatory action or sanctions, while reputation or brand was second place (66%).

The research was conducted before the current market turmoil.

Ken Allan, partner in Ernst & Young’s technology and security risk services, which conducted the research, said: ‘The sizeable penalties imposed by the Financial Services Authority on a number of financial institutions have clearly hit home. Financial institutions are acutely aware of the impact that sanctions and regulatory action can have on their business and in turn their reputation.’

Other key findings:

Rising regulatory compliance is increasing costs

More than a third reported a significant rise in regulatory compliance costs over the last three years.

Financial institutions are tightening up preventative policies around information security

68% are implementing additional security tools and 61% are standardising on a common control framework.

The top security tools being adopted are: content monitoring and filtering tools (97%), storage area networks (93%) and encryption products (90%).

The top three challenges impacting the effective delivery of information security initiatives are: organisational awareness, availability of resources and adequate budget.

The UK appears to be more focused on privacy than the rest of the world

86% of UK-based financial services respondents have implemented such controls and 93% said that they now have a clear understanding of privacy law.

However, only 31% confirmed that they have an inventory of information assets covered by privacy requirements, and only 21% have implemented a process to monitor privacy controls.