A recent study, carried out by global information security firm, Symantec, revealed that the 100 companies from India’s banking, financial services and insurance (BFSI) industry lost Rs 6.86 crore on an average due to security breaches. Taking banks in India as an example, the average financial loss in 2010 was Rs 12.6 crore.
Symantec Security Check report disclosed regulatory and governance mandates as key drivers of IT security for 50% of financial services enterprises. Other crucial reasons for increased adoption of security by these organisations were an increase in e-commerce and mobile transactions.
Statistics from the last financial year indicated that 23% of respondents experienced an external attack ranging from phishing attempts, theft of proprietary information or denial of service attacks.
Heavy price for lack of IT security – can you afford not to protect your valuable information?
As a result of a data breach, many institutions that took part in the survey lost several man-hours and in many cases even lost their customers. More than 80% of respondents have faced downtime due to online attacks, and took an average of four hours to resume normal operations.
“Chief informational officers (CIOs) at financial services enterprises in India are concerned about the security of their information and related losses, leading to crucial attention towards IT governance,” said Ajay Goel, managing director, India and Saarc, Symantec.
The study highlights compliance as the primary driver for adopting IT security.
“RBI guidelines, the impending Basel III compliance and the IT (Amendment) Act 2008 regulations are compelling the financial sector to take a close look at how they secure and manage their information,” Goel said.
With more and more people accessing their banking services via mobile devices and the Internet, the risk of exposing confidential information is on the rise. “Besides increased mobile and online transactions (18%) growing internal threats (15%) are also significant factors driving security adoption,” the study said.
Data security and new government regulations
Back in April 2011, the government released a new announcement on privacy data law which relates to any company that collects information within the country. The new regulations require companies to ensure private data stays private.
When outsourcing aspects of IT that touch data stores, companies need to be extra careful that the service providers they engage with follow these new rules of the law, and the exact policies of their shareholders and/or management.
Not complying with the new Act can create a disruption in business operations and result in fines, damaged reputation (i.e. Sony Entertainment, Nintendo, Groupon) and loss of revenue.
Download Information Security and ISO 27001 white paper for tips on effective IT security today!
Avoid unnecessary IT hiccups and download this FREE white paper which will help you carry out an effective ISMS project and protect your valuable data before it’s too late.