In our latest research report, we took a deep dive into the State of Data Loss Prevention and revealed that data loss incidents are happening up to 38x more frequently than IT leaders currently estimate.
And, while data loss is a big problem across all industries, it’s especially problematic in those that handle highly sensitive data. One of those industries is Financial Services.
Before we dive into how frequently data loss incidents are happening and why, let’s define what exactly a data loss incident is in the context of this report.
We focused on outbound data loss on email. This could be either intentional data exfiltration by a disgruntled or financially motivated employee or it could be accidental data loss.
Here’s what we found out.
Tessian platform data shows that in organizations with 1,000 employees, 800 emails are sent to the wrong person every year. This is 1.6x more than IT leaders estimated.
Likewise, in organizations of the same size, 27,500 emails containing company data are sent to personal accounts. We call these unauthorized emails, and IT leaders estimated just 720 are sent annually. That’s a big difference.
But, what about in this particular sector?
Over half (57%) of Financial Services professionals across the US and the UK admit to sending at least one misdirected email and 67% say they’ve sent unauthorized emails. But, when you isolate the US employees, the percentage almost doubles. 91% of Financial Services professionals in the US say they’ve sent company data to their personal accounts.
And, because Financial Services is highly competitive, professionals working in this industry are among the most likely to download, save, or send company data to personal accounts before leaving or after being dismissed from a job, with 47% of employees saying they’ve done it.
To really understand the consequences of incidents like this, you have to consider the type of data this industry handles and the compliance standards and data privacy regulations they’re obligated to satisfy.
So, what happens if there’s a breach? The implications are far-reaching, ranging from lost customer trust and a damaged reputation to revenue loss and regulatory fines.
For more information on these and other compliance standards, visit our Compliance Hub.
The sudden transition from office to home has presented a number of challenges to both employees and security, IT, and compliance leaders.
To start, 65% of professionals working in Financial Services say they feel less secure working from home than they do in the office. It makes sense. People aren’t working from their normal work stations and likely don’t have the same equipment.
A further 56% say they’re less likely to follow safe data practices when working remotely. Why? The most common reason was that IT isn’t watching, followed by being distracted.
Most of us can relate. When working remotely – especially from home – people have other responsibilities and distractions like childcare and roommates and, the truth is, the average employee is just trying to do their job, not be a champion of cybersecurity.
That’s why it’s so important that security and IT teams equip employees with the solutions they need to work securely, wherever they are.
Training, policies, and rule-based technology all have a place in security strategies. But, based on our research, these solutions alone aren’t working.
In fact, 64% of professionals working in Financial Services say they’ll find a workaround to security software or policies if they impede productivity. This is 10% higher than the average across all industries.
Tessian uses machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.
Our machine learning models analyze email data to understand how people work and communicate. They have been trained on more than two billion emails and they continue to adapt and learn from your own data as human relationships evolve over time.
This enables Tessian Guardian to look at email communications and determine in real time if particular emails look like they’re about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network.
Enforcer and Guardian do all of this silently in the background. That means workflows aren’t disrupted and there’s no impact on productivity. Employees can do what they were hired to do without security getting in the way.
Tessian bolsters training, complements rule-based solutions, and helps reinforce the policies security teams have worked so hard to create and embed in their organizations.
That’s why so many Financial Services firms are adopting Tessian’s technology, including:
Interested in learning more about how Tessian can help prevent data loss in your organization? You can read some of our customer stories here or book a demo.
For more insights around the frequency of data loss incidents across industries, the impact remote-working is having on organizations’ security postures, and which solutions are the most (and least) effective, read the full report.