The latest research from cybersecurity expert Norton found that an excess of 17 million Brits were victims of cybercrime last year, with UK internet users losing an estimated £4.6bn to hackers. As the highest profile data breaches have had a catastrophic impact on a global scale, it’s hardly surprising.
For example, the WannaCry ransomware attack became a worldwide disaster in 2017 which dominated the news agenda for weeks. A total of 99 countries, including UK, China, Russia and Spain, were reportedly impacted by the virus, making it one of the largest hacks in history. The hackers responsible held organisations to a bitcoin ransom thanks to a weakness in legacy Windows systems, leaving businesses that hadn’t installed the latest patches vulnerable to attack.
To highlight how frequent this type of attack has become, in December alone in the UK, 33.8 million records were leaked as a direct result of cyber attacks and data breaches.
To add to industry concern levels, the head of the National Cyber Security Centre, Ciaran Martin, recently warned it is a matter of “when, not if” a major cyber attack would hit the UK.
Cybercrime – it’s time to fight back
With this in mind, it’s not surprising that the 28th January officially marked international Data Privacy Day. This annual event began in the United States and Canada in January 2008 and has now gone global, with more than 50 countries onboard, including the UK. It aims to empower individuals and raise awareness about how personal customer data is used, stored and managed – as well as to encourage businesses to respect privacy, safeguard data and enable trust. This is especially relevant for financial institutions like banks and insurers, which see consumers are entrusting them with sensitive data that, if breached, could cost them hugely.
The dual focus of Data Privacy Day on individuals and organisations shines a spotlight on one of the biggest questions in the age of data security: who is responsible, and accountable, for protecting customer data? Is it customers themselves, providers or even government bodies who should be taking charge? If these questions are left unanswered, the war on cybercrime will be lost.
Helping customers protect themselves
With international press attention raising awareness of cybercrime, individuals are all too aware of the threat of attacks. New research by McAfee reveals that 61 per cent of consumers are more worried about cybersecurity today than they were five years ago.
And for many, fraud isn’t just a potential threat – it’s a reality. The Symantec Internet Security Threat Report found that nearly 700 million people across 21 countries had experienced some form of cybercrime. This problem is made worse by the fact that they don’t know where to turn for help; 41 per cent of people globally can’t identify a phishing email and often guess to an email’s legitimacy.
However, steps are being taken by organisations like the UK’s Financial Fraud Action to educate consumers to at least spot basic signs of fraudulent activity. In 2016, the industry body launched Take Five, a national campaign offering advice to help people protect themselves from preventable financial fraud. Advice which all consumers can use to further secure their data includes never disclosing full passwords, and the warning signs to look out for in suspicious emails or texts which claim to be sent from their bank.
But this is just the start of the education process. What more can financial institutions do to help keep their customers safe from fraudulent activity?
The role of financial institutions
When it comes to data security, financial institutions are arguably some of the most important businesses from a consumer standpoint. They turn to insurance providers for additional peace of mind and ensure they are covered when the worst-case scenario becomes a reality. If trust is lost due to data breaches, the relationship will be lost.
Similarly, banks exist to manage and protect people’s finances, so reducing a consumer’s exposure to financial fraud must be a core element of the business. At a time when challenger banks offer more choice for consumers than ever before, it’s important banks offer customers guidance when issues arise and do everything possible to stop them occurring in the first place.
At a time when customers have an abundance of choice, the provision of fraud prevention and resolution services could help them find a much-needed point of differentiation. They can move from the supplier of a specific service – such as a current account or house insurance – to a role in which they add value in multiple areas of the customers’ lives.
Such services would make a huge difference for the customer, especially when it comes to exploring hard-to-access areas like the dark web. The majority of customers won’t know what this is so unlikely to know how to react if sensitive data is published here. Clearly, knowing that the dark web is being scanned for potential breaches offers additional peace of mind. If financial institutions are adding value in this way, not only will consumers feel safe in the knowledge their data is secure but they’re also more likely to become brand advocates when the business is going the extra mile.
Don’t ignore data protection
Data Privacy Day may aim to raise awareness of cybercrime globally, but data protection isn’t something businesses should only look at once a year. Keeping customer data safe all year round is vital. Raising awareness is the obvious first step but organisations can build trust with their brand and minimise the chance of consumers turning to competitors by offering practical advice and services to support their fight against cyber crime.
Financial institutions simply can’t ignore this. Hackers are only becoming more knowledgeable about the weaknesses available for them to exploit customers. If they can make themselves indispensable in the fight against cybercrime, they can build towards an increasingly loyal customer base – and keep their reputations intact at a time when data breaches will continue to dominate the news agenda.
The time has come for banks and insurers to look beyond the threat hackers pose and instead position the challenge and increased responsibility as an opportunity to step up and fulfil a new role in their customers’ lives – regardless of whether it’s Data Privacy Day or any other time of the year.
By Karen Wheeler, Vice President and Country Manager, Affinion UK