Wednesday 26 November 2008

EU Agency presents a new study on how to counter information security risks through a change in staff awareness in the financial sector.

Losses caused by theft of customer information and the costs of security incident response are rising, according to a new ENISA report. Security breaches in financial organisations can cause heavy financial losses. Employee information security awareness is the way forward, the EU Agency's white paper claims.

Safeguarding personal and financial data is key for the financial services industry. According to the 2008 report of the UK Financial Services Authority, financial services firms could significantly reconsider their approaches to data security. Both the costs of loss by theft of customer information and the cost of responding to security incidents are rising. Security breaches in financial organisations both damage reputation and cause heavy financial losses that are difficult to recover from.

Employees are now considered the single most likely cause of security incidents, as confirmed in many international surveys (2007 Global State of Security, the 2008 BERR survey, et al.). BERR reports that 47% of large businesses suffer from staff misuse of information systems. Technical solutions are no longer the answer nowadays. The cost of training staff constitutes an important financial commitment for any organisation.

The report is an assessment of the environment of financial organisations and their main business drivers. It presents the landscape of international standards, legislation and certification objectives together with major risks, threats and end-user behaviour. Moreover, the paper covers the different phases of implementing an awareness raising programme in financial organisations and the assessment of results. It is imperative that all roles are clearly defined and matched to the corresponding security topics, as identified in tables in the report. Finally, the paper contains practical advice, a set of 20 recommendations and 7 case studies provided by a number of financial organisations around Europe. The ENISA Virtual Working Group on “How to organise awareness raising programmes in financial organisations” contributed to this paper.

The Executive Director of ENISA, Mr. Andrea Pirotti, comments on the report:
“The poor state of data security is a serious issue for the financial markets. This is not the time not to invest in security and training for staff, as the costs and consequences thereof may be business critical.”

To view the complete report please visit: http://www.enisa.europa.eu/doc/pdf/deliverables/is_awareness_financial_organisations.pdf
