Inherent dangers
The results show that cyber-attacks are the most prevalent risk cited by respondents, with 28% of all cyber-attacks in the UK in the last year targeting financial institutions. The second and third risks most highlighted by respondents were inflation and geopolitical instabilities.
A major compounding factor in increasing these risks is that many financial institutions simply do not understand data at a basic level. This makes them more vulnerable to attacks around how data is used, stored, managed and implemented. Of the respondents, 21% said they do not know where data is held in the organisation, 35% believe the data world is too difficult and complex to understand and 31% agreed that there is a lack of data literacy in the business.
It has been discussed by DataIQ members that the language used by data professionals needs to be accessible and simplified for those that do not utilise data daily. This is particularly true for highlighting the risks that can arise with poor data management. How many people outside of the the-based teams know what a DDoS or ATO attack is? According to some calculations, more than 50% of all traffic to sites in the financial services industry comes from bots, and they experience the highest share of account takeover attacks at 38%.
What can be done?
The first line of defence for financial institutions must be education about the importance of data, and this is achieved through data literacy. The new DataIQ assessment tool indicator is a good starting point to understand the level of data literacy within an organisation. DataIQ members can also use the DataIQ literacy programme. Once problem areas have been identified, it is much easier to implement a suitable data literacy campaign that can target weak points within a business.
Secondly, a comprehensive data strategy needs to be put in place alongside rigorous data governance policies. Once these have been integrated into the day-to-day operations of the business, it will become simpler to spot dangers whilst rapidly improving organisational compliance.
Staff members need to be made aware of who is responsible for data management, why data quality and compliance are necessary and actions that can be taken to reduce human error. With these frameworks in place, the chance of data breaches diminishes rapidly.
Plan ahead
The other major action that needs to be taken by financial institutions – and any form of data-heavy business – is to ensure there is a crisis management plan in place. This can be achieved by examining past breaches that have happened at similar businesses, identifying scenarios where a breach may occur and calculating the likelihood of breaches happening in different areas of the business.
There is no simple answer that can be utilised by all businesses, it will require individual approaches as each business is unique in the way that it collects, stores and uses data. The leak of data can be damaging economically, operationally and reputationally so it is in all interests to ensure that precautions are taken to minimise the chances of data breaches happening, particularly for financial institutions where data can be personally identifiable.
To highlight the developments in data literacy and data quality you and your team have made, submit an entry to the DataIQ Awards. A free-to-attend award submission masterclass is available to join.