The high cost of mishandling data breaches, security reporting for financial services

When it comes to the financial damage that breaches can wreak on financial institutions, the cost is not just the outright theft of account funds, rectifying the loss of customer data or rebuilding network damage after an attack. There are also the regulatory penalties and fines associated with not properly shoring up systems or giving timely notice to impacted customers.

Up until recently, the penalties from enforcement actions against financial institutions worldwide had been on the rise, as had fraud attempts and incursions targeting banks, credit unions, investment houses and the like. In the past couple of years, JP Morgan Chase & Co., Capital One and Morgan Stanley have all been hit with multi-million dollar penalties (as well as class action lawsuit judgments) related to security mismanagement that led to breaches or a failure to give appropriate notification to customers about compromises.

Last month, the U.S. Securities and Exchange Commission (SEC) fined Chase $125 million due to employees’ insecure practices, namely using WhatsApp and personal email accounts to transact official business, thus not adhering to SEC record-keeping requirements. Additionally, under a separate enforcement action, the Commodity Futures Trading Commission also fined the bank $75 million for the same behavior going back six years.


Source: SC Magazine