Lawyer warns banks over data breach increase

March 4, 2019 | bobsguide

In the same week the UK’s Financial Conduct Authority (FCA) revealed a fivefold rise in data breaches at financial services firms, Rupert Casey, technology solicitor at Keystone Law, warns that retail banks must get the basic procedures right or face regulatory rigor.

According to law firm RPC, 145 companies reported breaches to the FCA in 2018 compared to just 25 in 2017, a 480% increase. Retail bank breach reports rose from one to 25 between 2017 and 2018.

The sharp rise may be distorted by the “spotlight” of the General Data Protection Regulation (GDPR) mandatory reporting of data breaches, believes Casey, although he admits it still constitutes a concern.

“GDPR is one way in which consumers have the benefit of understanding whether or not their relevant financial institution has been targeted,” he says.

“If year on year [banks] are reporting more and then at some point you catch up with reality and reporting on a truthful basis, at that point does the market go up or down in the number of attacks? I don’t know, but you will see the regulator responding and being tougher on banks because public perception will always be that the number of attacks is going up.”

Casey suggests banks need to administer strict, formalised rules to show regulators they’re acting to prevent malicious behaviour.

“The only way banks can respond to this is a greater level of focus on policy and procedure. If you have all of that in place, it’s very difficult to bring the claim that you hadn’t taken the right steps,” he says.

Banks need a “systematic culture” of being aware of vulnerabilities and keeping up to date with the threat market, according to Casey.

“[With that culture in place] it will be very difficult for people to say you were culpable,” says Casey. “You may still be liable in terms of resulting damage but determining if you are culpable of being asleep at the wheel or in any way negligent – it will be consistently difficult to catch directors and senior personnel out on those grounds,” he says.

However, the arms race between hackers and bank security protocols is unlikely to result in a revision of GDPR, Casey believes.

“My immediate sense is we have too many other things to be dealing with,” he says. “GDPR is a global gold standard, I would be staggered if they did anything with this for at least a decade because it needs to bed down, analysed to see if it’s technologically neutral and I believe it is sufficiently neutral at the moment.

“Having said that, Moore’s law about technology is it will probably prove us all wrong on that,” he says.
