Outlook 2020: Integris FinServ Data Privacy Study Finds Overconfidence and Data Inventory Shortfalls

NEWS HIGHLIGHTS:

  • The FinServ industry spends the most on data privacy management and has the largest internal data privacy teams. Despite robust investment, according to the Boston Consulting Group, financial firms are still hit with cyberattacks approximately 300 times more than any other industry.
  • Poor data management hygiene is to blame. An alarming 24 percent of respondents only update their personal data inventory once a year. Even more concerning, 13 percent only inventory sensitive data when audited or in response to regulation requests.

SEATTLEDecember 18, 2019 Integris Software’s 2019 FinServ Data Privacy Maturity Study found a widening gap between the industry’s technology investment and its data privacy maturity. The latest financial services report collected data from a broad pool of financial services industry respondents, with nearly half representing companies that surpassed $10B in annual revenue.

The survey found that despite being one of the top industries targeted for data theft, finance professionals were still overconfident in their ability to protect sensitive information, with 75 percent of respondents being “Very confident” or “Extremely Confident” in their data privacy management practices. The research uncovered that even with large investments in data privacy teams and technology, financial services organizations still take a major hit from cybercriminals and need to make further strides to improve sensitive data management. 

Top report findings include:

FinServ Invests the Most in Data Privacy Management:

  • The financial services industry spends the most on data privacy management and is increasing data privacy budgets within InfoSec departments. In fact, nearly all organizations (92 percent) had a dedicated data privacy management budget. Twenty-eight percent are spending more than $5 million per year, nearly double what healthcare spent at this level.
  • The finance industry also had the largest internal data privacy teams in the study with 40 percent having 50 or more people (nearly triple the 17 percent of healthcare privacy teams this size).

Poor Data Management Hygiene from Tracking to Sharing:

  • Despite large data privacy investments, the FinServ industry still needs to improve its ability to manage sensitive data across systems.
  • For example, financial data is extremely widespread. A single bank transaction can be replicated across 100 systems making it virtually impossible to manually monitor personal information as it travels throughout an organization.
  • The finance industry must search more locations to find sensitive customer data than any other sector, with 20 percent of respondents needing to search 200 sources to find all data (more than double the healthcare industry). In total, 64 percent needed to search 50 or more sources to find all data on a customer. 
  • Meanwhile, an alarming 24 percent of respondents only update their personal data inventory once a year. Even more concerning, 13 percent only take an inventory of sensitive data when audited or in response to regulation requests.
  • More than 45 percent had at least 50 data sharing agreements in place, which was the highest of all industries. The more data-sharing agreements an organization has, the more challenging it is to enforce its terms and manage all personal information held across companies on a customer.
  •  As such, finance organizations were also much more confident in their ability to comply with data sharing agreements than in their partners – 75 percent of respondents were “Very confident” or “Extremely Confident” in their compliance efforts vs. 50 percent in their partners.

“To help alleviate frequent issues, the financial services industry is starting to use more automated data privacy management tools to increase real-time visibility, comply with regulations and meet data subject requests (DSRs) to furnish or delete personal information,” said Integris Software CEO Kristina Bergman. “For example, organizations that take real-time inventory could immediately tell which customer data had been breached – 89 percent vs. 59 percent who didn’t have real-time data discovery and classification tools. Our survey results underscore why it’s increasingly important for organizations to automate their data privacy management programs to handle the growing volume of private data and meet stringent compliance requirements.”

The FinServ 2019 Data Privacy Maturity Study is now available from Integris Software here.

About the Integris Data Privacy Maturity Study

Integris Software’s 2019 Data Privacy Maturity Study gathered detailed responses from 258 mid to senior executives from IT, general management, and risk and compliance departments at US companies with at least 500 employees (62 percent had 5,000 or more employees) to assess how they manage private data.

About Integris Software                           

Integris Software, the global leader in data privacy automation, helps enterprises discover and control the use of sensitive data in a way that protects privacy and fuels innovation.

Privacy is now critical to an effective data protection strategy. By sitting upstream from security, Integris tells you what data is important and why so you can be precise in your InfoSec controls.

Integris works securely, at scale, no matter where sensitive data resides. You get a live map of your sensitive data where you can apply policies, surface issues, fulfill DSAR requests, and automate remediations via your broader ticketing and InfoSec ecosystem.

Regulations like GDPR and the California Consumer Privacy Act (CCPA) are triggering knee-jerk reactions as companies lock down their data for fear of misuse. With Integris, there is finally a way to use your data without fear.

For more information on Integris, visit: www.integris.io or follow @Integrisio on Twitter.