Manage Your Reputation to Ensure Data Security in Financial Services
Written by: Alain Penel, Regional Vice President – Middle East, Fortinet
It’s widely understood across industries that a business’ most fragile and valuable asset is its reputation. This statement is especially true within the financial services industry, as individuals from around the globe trust institutions with their money and personal information on a daily basis.
As a result, the protection of this data is vital to an organization’s ability to efficiently conduct business and maintain a loyal customer base. If a financial institution cannot protect data, their partners and clients will likely have their doubts and take their business elsewhere.
Reputational damages can come in various forms, with some breaches being more devastating to an organization than others. Here are some of the ways data breaches can impact a financial institution’s reputation:
Stolen Customer Information
When thinking about financial data breaches and their impact on reputation, stolen customer information typically comes to mind before all else. Oftentimes, when a breach occurs the company giving up the data notices the intrusion too late, is slow to respond, and loses the trust of their customers as a result.
In fact, it’s been reported that about 20 percent of consumers will leave credit card companies or banks that have experienced a breach while they were customers. And where do those lost customers go? About one out of four of them will take their business to a competitor.
Stolen Employee Information
In addition to having personal financial information and credit cards or accounts on file, financial organizations also have to remember they are housing the information of their employees. This likely includes social security numbers and home addresses.
A cybercriminal can use this information to steal their identity in the classic sense (opening fake credit cards of their own), use it to pose as the banking employee to trick customers into giving up their information, or utilize the stolen information to further infiltrate internal networks.
While these occurrences are less common and typically less damaging to a financial institution’s reputation, they need to be taken seriously. As word gets out around data breaches, regardless of the type, reputation will likely plummet.
Cybercriminals don’t always have to steal customer or employee information to do serious damage to a financial organization’s bottom line and reputation. In fact, there have been many instances where cybercriminals have installed malware to spy on how money is sent and received within banks in order to illegally withdraw money.
There have also been cases where cybercriminals hack into bank-to-bank communication systems to cause disruption. In each of these cases, but especially the latter, financial institutions can take a serious blow to their reputation within the industry.
Financial institutions are held accountable for data breaches by both state and federal laws. According to information posted on the Better Business Bureau’s website, “The Gramm-Leach-Bliley Act (“GLBA”) and the American Recovery and Reinvestment Act require that certain financial institutions as well as health care providers, or businesses that provide services to health care providers, notify patients and the government if the security of the personal information that they maintain is breached.”
While the GLBA is in place at the federal level, most states have a “data breach notification” statute in place that requires businesses to report if someone unauthorized acquires their information. Non-compliance with these laws and regulations are almost always reported to the media and tarnish reputation.
Cybercriminals are here to stay. Financial institutions that want to successfully defend against attacks and protect their reputation should identify all the different access points of their organization’s network and put cybersecurity solutions in place at the locations that hold the most critical data.
Building a reputation can take many years, but it only takes one significant attack on data to bring it back to square one. On the flip side, a top-notch reputation will lead to more customers and partners.