The State of Data Loss Prevention in the Financial Services Sector

  • By Maddie Rosenthal
  • 10 June 2020

In our latest research report, we took a deep dive into the State of Data Loss Prevention and revealed that data loss incidents are happening up to 38x more frequently than IT leaders currently estimate. 

And, while data loss is a big problem across all industries, it’s especially problematic in those that handle highly sensitive data. One of those industries is Financial Services.

Before we dive into how frequently data loss incidents are happening and why, let’s define what exactly a data loss incident is in the context of this report.

We focused on outbound data loss on email. This could be either intentional data exfiltration by a disgruntled or financially motivated employee or it could be accidental data loss

Here’s what we found out.

The majority of employees have accidentally or intentionally exfiltrated data 

Tessian platform data shows that in organizations with 1,000 employees, 800 emails are sent to the wrong person every year. This is 1.6x more than IT leaders estimated.

Likewise, in organizations of the same size, 27,500 emails containing company data are sent to personal accounts. We call these unauthorized emails, and IT leaders estimated just 720 are sent annually. That’s a big difference.

“Note: While sending company data to personal email accounts isn’t always malicious, it is often against security policies. Sending company data to a personal email account can also be a sign of intentional data exfiltration by, for example, a disgruntled employee on their way out or an insider threat.”

But, what about in this particular sector?

Over half (57%) of Financial Services professionals across the US and the UK admit to sending at least one misdirected email and 67% say they’ve sent unauthorized emails. But, when you isolate the US employees, the percentage almost doubles. 91% of Financial Services professionals in the US say they’ve sent company data to their personal accounts. 

And, because Financial Services is highly competitive, professionals working in this industry are among the most likely to download, save, or send company data to personal accounts before leaving or after being dismissed from a job, with 47% of employees saying they’ve done it.

To really understand the consequences of incidents like this, you have to consider the type of data this industry handles and the compliance standards and data privacy regulations they’re obligated to satisfy.

Every day, professionals working in Financial Services send and receive:

  • Bank Account Numbers
  • Loan Account Numbers
  • Credit/Debit Card Numbers
  • Social Security Numbers
  • M&A Data

In order to protect that data, they must comply with regional and industry-specific laws, including:

  • GLBA
  • COPPA
  • FACTA
  • FDIC 370
  • HIPAA
  • CCPA
  • GDPR

So, what happens if there’s a breach? The implications are far-reaching, ranging from lost customer trust and a damaged reputation to revenue loss and regulatory fines. 

For more information on these and other compliance standards, visit our Compliance Hub.

Remote-working is making Data Loss Prevention (DLP) more challenging 

The sudden transition from office to home has presented a number of challenges to both employees and security, IT, and compliance leaders. 

To start, 65% of professionals working in Financial Services say they feel less secure working from home than they do in the office. It makes sense. People aren’t working from their normal work stations and likely don’t have the same equipment.

A further 56% say they’re less likely to follow safe data practices when working remotely. Why? The most common reason was that IT isn’t watching, followed by being distracted. 

Most of us can relate. When working remotely – especially from home – people have other responsibilities and distractions like childcare and roommates and, the truth is, the average employee is just trying to do their job, not be a champion of cybersecurity. 

That’s why it’s so important that security and IT teams equip employees with the solutions they need to work securely, wherever they are.

Current solutions aren’t empowering employees to work securely 

Training, policies, and rule-based technology all have a place in security strategies. But, based on our research, these solutions alone aren’t working.

In fact, 64% of professionals working in Financial Services say they’ll find a workaround to security software or policies if they impede productivity. This is 10% higher than the average across all industries.

How does Tessian prevent data loss on email?

Tessian uses machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.

Our machine learning models analyze email data to understand how people work and communicate. They have been trained on more than two billion emails and they continue to adapt and learn from your own data as human relationships evolve over time.

This enables Tessian Guardian to look at email communications and determine in real time if particular emails look like they’re about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network. 

Enforcer and Guardian do all of this silently in the background. That means workflows aren’t disrupted and there’s no impact on productivity. Employees can do what they were hired to do without security getting in the way.

Tessian bolsters training, complements rule-based solutions, and helps reinforce the policies security teams have worked so hard to create and embed in their organizations.

That’s why so many Financial Services firms are adopting Tessian’s technology, including:

  • Man Group
  • Evercore
  • BDO
  • Affirm
  • Armstrong Watson
  • JTC
  • DC Advisory
  • Many More

Interested in learning more about how Tessian can help prevent data loss in your organization? You can read some of our customer stories here or book a demo

Learn more about the State of Data Loss Prevention 2020

For more insights around the frequency of data loss incidents across industries, the impact remote-working is having on organizations’ security postures, and which solutions are the most (and least) effective, read the full report.

Maddie Rosenthal