Get Your Complimentary Copy of the Gartner Market Guide For Email Security 2021 – Don’t miss out on the recommendations here

Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

The State of Data Loss Prevention in the Financial Services Sector

  • By Maddie Rosenthal
  • 10 May 2021

Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.

In our latest research report, we took a deep dive into Data Loss Prevention in Financial Services and revealed that data loss incidents are happening up to 38x more frequently than IT leaders currently estimate. 

And, while data loss is a big problem across all industries, it’s especially problematic in those that handle highly sensitive data. One of those industries is Financial Services.

Before we dive into how frequently data loss incidents are happening and why, let’s define what exactly a data loss incident is in the context of this report.

We focused on outbound data loss on email. This could be either intentional data exfiltration by a disgruntled or financially motivated employee or it could be accidental data loss

Here’s what we found out.

The majority of employees have accidentally or intentionally exfiltrated data 

Tessian platform data shows that in organizations with 1,000 employees, 800 emails are sent to the wrong person every year. This is 1.6x more than IT leaders estimated.

Likewise, in organizations of the same size, 27,500 emails containing company data are sent to personal accounts. We call these unauthorized emails, and IT leaders estimated just 720 are sent annually. That’s a big difference.

“Note: While sending company data to personal email accounts isn’t always malicious, it is often against security policies. Sending company data to a personal email account can also be a sign of intentional data exfiltration by, for example, a disgruntled employee on their way out or an insider threat.”

But, what about in this particular sector?

Over half (57%) of Financial Services professionals across the US and the UK admit to sending at least one misdirected email and 67% say they’ve sent unauthorized emails. But, when you isolate the US employees, the percentage almost doubles. 91% of Financial Services professionals in the US say they’ve sent company data to their personal accounts. 

And, because Financial Services is highly competitive, professionals working in this industry are among the most likely to download, save, or send company data to personal accounts before leaving or after being dismissed from a job, with 47% of employees saying they’ve done it.

To really understand the consequences of incidents like this, you have to consider the type of data this industry handles and the compliance standards and data privacy regulations they’re obligated to satisfy.

Every day, professionals working in Financial Services send and receive:

  • Bank Account Numbers
  • Loan Account Numbers
  • Credit/Debit Card Numbers
  • Social Security Numbers
  • M&A Data

In order to protect that data, they must comply with regional and industry-specific laws, including:

  • GLBA
  • COPPA
  • FACTA
  • FDIC 370
  • HIPAA
  • CCPA
  • GDPR

So, what happens if there’s a breach? The implications are far-reaching, ranging from lost customer trust and a damaged reputation to revenue loss and regulatory fines. 

For more information on these and other compliance standards, visit our Compliance Hub.

Remote-working is making Data Loss Prevention (DLP) more challenging 

The sudden transition from office to home has presented a number of challenges to both employees and security, IT, and compliance leaders. 

To start, 65% of professionals working in Financial Services say they feel less secure working from home than they do in the office. It makes sense. People aren’t working from their normal work stations and likely don’t have the same equipment.

A further 56% say they’re less likely to follow safe data practices when working remotely. Why? The most common reason was that IT isn’t watching, followed by being distracted. 

Most of us can relate. When working remotely – especially from home – people have other responsibilities and distractions like childcare and roommates and, the truth is, the average employee is just trying to do their job, not be a champion of cybersecurity. 

That’s why it’s so important that security and IT teams equip employees with the solutions they need to work securely, wherever they are.

Current solutions aren’t empowering employees to work securely 

Training, policies, and rule-based technology all have a place in security strategies. But, based on our research, these solutions alone aren’t working.

In fact, 64% of professionals working in Financial Services say they’ll find a workaround to security software or policies if they impede productivity. This is 10% higher than the average across all industries.

How does Tessian prevent data loss on email?

Tessian uses machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.

Our machine learning models analyze email data to understand how people work and communicate. They have been trained on more than two billion emails and they continue to adapt and learn from your own data as human relationships evolve over time.

This enables Tessian Guardian to look at email communications and determine in real time if particular emails look like they’re about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network. Finally, Tessian Defender detects and prevents inbound attacks like spear phishing, account takeover (ATO), and CEO Fraud.

Enforcer and Guardian do all of this silently in the background. That means workflows aren’t disrupted and there’s no impact on productivity. Employees can do what they were hired to do without security getting in the way.

Tessian bolsters training, complements rule-based solutions, and helps reinforce the policies security teams have worked so hard to create and embed in their organizations.

That’s why so many Financial Services firms have adopted Tessian’s technology, including:

  • Man Group
  • Evercore
  • BDO
  • Affirm
  • Armstrong Watson
  • JTC
  • DC Advisory
  • Many More
Maddie Rosenthal