Study Spotlights Privacy, Data Security Vulnerabilities at Financial Services Firms

Consumer data in vulnerable during development, testing.

A new study from Compuware Corporation identifies six areas “primary areas of vulnerability to privacy and data security for the financial services industry: risk of data breach, diminishment of customer loyalty and trust, malicious or negligent insiders, risk of outsourcing confidential data to third parties, regulatory non-compliance, and ineffective privacy and information governance.”

Conducted over three months by the Ponemon Institute, Privacy and Data Protection Practices: A Benchmark Study of the Financial Services Industry ( analyzed results of interviews with “chief information security officers, chief security officers, chief privacy officers, [and] executives from 80 global financial services firms. Among the findings: 83 percent of firms using actual customer data in when developing and testing applications.

The study also found other overlooked risk areas. Only 56 percent of companies use identity compliance procedures, and less than half (47 percent) employ intrusion detection systems.

Many security analysts say threats can come from within; the study found that 88 percent still use Social Security numbers as a primary customer identifier. Worse still, only 41 percent of those surveyed say they use data loss prevention (DLP) technology at their firm.

Though more than half (60 percent) employ a chief privacy officer, half of them admit to having “insufficient resources to accomplish their goals and objectives.”

“One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study,” said Larry Ponemon Ph.D. of the Ponemon Institute, in a statement “While there is a great deal of progress being made, there is still a long way to go.”

Most participating firms were based in North America, all with more than 500 employees involved in banking, investments, brokerage, insurance, credit cards, or mortgages.

About the Author

James E. Powell is the former editorial director of Enterprise Strategies (