All of the UK’s major banks and lenders have reported multiple data breach incidents to the Information Commissioner’s Office (ICO) in the past two years, according to the findings of a freedom of information (FOI) request submitted by encryption software provider Egress.
The FOI response showed that Barclays, HSBC, Lloyds Banking Group, NatWest, Nationwide and Santander had all been in touch with the ICO about data breaches within the past couple of years.
Egress submitted the FOI to the ICO to ask about the number of Data Protection Act (DPA) breach investigations within the financial services industry in the last two years. The figures revealed a staggering 585 incidents reported to the ICO during 2014 alone, and 791 since the start of 2013. Egress said that this was a 183 per cent rise in DPA investigations from two years ago.
“It is staggering to see financial services firms reporting more than three times the number of incidents than the legal sector, which has recently come under targeted fire from the ICO,” said Egress CEO Tony Pepper.
“Today’s findings suggest that similar, if not harsher, criticism ought to be levied at the banks, building societies and insurance firms too,” he added.
Pepper said that with planned reforms to the EU General Data Protection Regulations, the financial services industry must take action now or risk paying much tougher penalties for data breaches.
“It is interesting to note that the monetary penalties issued by the ICO to this sector have historically been so low – perhaps one of the reasons we’re seeing such apparent complacency when it comes to encrypting and controlling the sensitive information financial firms hold,” he suggested.
End users have been telling Computing over the past few years that implementing a security strategy to ensure “best practice”, training staff, and raising awareness of security issues are some of the most important areas to focus on in order to ensure that they are not susceptible to data breaches. However, a FOI request made in November 2014 by Egress found that 93 per cent of breaches in all sectors were caused by human error – suggesting that there is still a long way to go for firms to perfect their security policies.