In the wake of the widely publicized Equifax data breach, more and more people are starting to think about data security. If you own, manage, or sit on the board of directors of a financial institution, you may be wondering what would happen if your bank experienced a breach. While the effects can vary, here’s an overview of what to expect.
Clean Up Costs
After a data breach, financial institutions face a lot of remediation costs. Your institution has to pay a data forensics team to find the source of the breach and hire security experts to tighten up that part of your system. Notifying your clients of the breach also costs money in terms of in and outbound communication and offering identity protection services. Beyond that, your institution may face legal costs and lawsuits.
According to a 2017 study from the Ponemon Institute, the average cost of a data breach for a US company is $7.35 million, roughly $225 for each compromised record. For instance, when Anthem suffered a breach of 80 million patient and employee records, experts estimated the total cost to the company at somewhere between $100 million and $16 billion. Those estimates are far apart, but they have one thing in common: both are significant.
The costs above don’t even take into account the financial impact of losing customers, and unfortunately, financial services firms are the most likely to lose customers after a breach. People want to trust their banks. That trust is extremely important to them, and when it is gone, they leave. Other industries, such as healthcare, tend to lose fewer customers after a breach.
Time is money, and cleaning up a data breach takes a lot of time. When the institution first notices the breach, everything has to come offline. If personal information was posted publicly on the bank’s website, it’s important to contact search engines to ensure none of that information remains cached. You also need to contact any other websites that may have saved some of the personal information.
Then, you need to interview the people who discovered the breach, assign people to handle the technical and customer service aspects of the breach, and call the individuals and businesses affected by it. That is only a small sample of the post-breach to-do list.
In addition to the risk of being sued by customers, financial institutions also have to worry about whether they are in breach of any federal or state laws. Under the Gramm-Leach-Bliley (GLB) Act, financial institutions have a legal obligation to keep their clients’ details safe and confidential.
Under the Safeguards Rule of this act, financial institutions must have a written plan describing how they protect customer data, they must use service providers who have security safeguards in place, and they must train their employees appropriately. All of these requirements are subject to interpretation, and the expectations vary with the size and scope of your institution, but to be on the safe side, you certainly don’t want to be in violation of these laws.
At SQN Banking Systems, we offer fraud protection for financial institutions. Our solutions include everything from signature verification tools to transaction analysis to workflow applications. In addition to helping to make your institution safer, we help make it more competitive and profitable. Contact us to discuss your security needs today.