One in five financial firms 'don't know' whether they've suffered data breaches

A recent study from PwC and Iron Mountain shows worrying level of complacency among Europe's financial services firms. Sensitive and confidential information held by financial firms across Europe is at risk of exposure because many are failing to check the effectiveness of their data protection and document management strategies, according to research from PwC and information management company Iron Mountain. Despite handling the sensitive personal details of millions of customers, four in 10 (41 per cent) of the financial services firms surveyed had no plans in place to check the effectiveness of their information risk strategy. Further to this, a worrying 42 per cent did not monitor the performance of the individual or team charged with information risk management, data protection or data recovery. 

Did you know your data was stolen?

The study went on to reveal that one in five (22 per cent) of financial businesses surveyed across Europe 'don't know' whether they have suffered a data breach in the past three years. The research led to Europe's first 'Information Risk Maturity Index', a benchmark to help organisations evaluate their ability to address information risk. 

The research findings underlined the impact and consequences of complacency in information management and data protection. Financial services firms that have experienced a data breach listed reputational damage, professional liability as the main consequences, demonstrating the importance of an information management strategy that covers both paper and digital information. 

Commenting on the survey results, Christian Toon, head of information security at Iron Mountain Europe said: "Our information risk study reveals a worrying level of complacency across the financial services sector in Europe. Interestingly, 45 per cent of those surveyed cited lack of knowledge as the main obstacle to implementing an effective data management strategy. It is time for organisations to make Corporate Information Responsibility part of their operational DNA in the same way that many have done with Corporate Social Responsibility. 

PR Newswire