Financial firms 'prone to lax cyber security practices'

A third of financial organisations discovered sensitive or regulated customer data outside of designated secure locations in the past 12 months, according to new research finding that financial services firms are prone to a range of insufficient cyber security controls that make them vulnerable to escalating cyber threats.

Netwrix surveyed 102 financial organisations, and 40 per cent of respondents admitted that in the last year their IT teams granted direct access to sensitive data based solely on a user’s request.

On top of that, IT teams are overloaded with addressing data subject access requests (SARs) as part of General Data Protection Regulation (GDPR) compliance: 73 per cent of respondents report that SARs put significant or moderate pressure on IT staff.

The research also showed that 70 per cent of unauthorised data sharing incidents led to data compromise, while 32 per cent of financial organisations have experienced a surge in SARs.

Meanwhile, 44 per cent of chief information security officers or chief information officers did not have or did not know whether they had key performance indicators to report on IT security and cyber risk.

"As the COVID-19 pandemic accelerates the rise of digital payments, financial organisations are generating more and more data, which makes the sector a tempting target for cyber criminals," said Ilia Sotnikov, vice president of product management at Netwrix.

"Poor access management practices and lack of control over sensitive data make the sector vulnerable to these increasing threats - organisations need to mitigate security risks by deploying technologies that enable them to regularly review and correct access permissions as well as to automatically discover their sensitive data enterprise-wide regardless of where it is located, and to move it to a secured storage."
