Nigel Vincent, data protection officer at Quilter, says the advice firm has cyber insurance in place because “this is where the greatest risk of mass data exfiltration, and therefore the greatest risks to customers lie.
"Ultimately, the decision is a risk-based decision on how much data and how sensitive the data that the business is processing is, and particularly how much distress could be caused to clients should the worst happen.
“Insurance is one layer of what should be a multi-level defence mechanism to prevent incidents, contain incidents when they happen and to be able to respond to any consequences."
To minimise the risk of data leakage Quilter has put in place a blend of technology and procedures.
"Though people will try to avoid making mistakes, they can become used to a process working a particular way and may overlook controls as they operate through their workload, particularly during busy periods,” says Vincent.
“On the other hand, automation is limited in its ability to respond to operational changes and needs, and can lack the checks and balances required to prevent errors.
“Respectively, these limitations can lead to errors such as misdirected emails and physical mailing errors which can compromise the confidentiality of client data. Conversely, manual and automated controls both provide protections against misuse.”
On balance, he says, “the automated option is becoming more prevalent and is often the only viable option.
“Humans are unlikely to be able to respond quickly enough to a cyber attack and would not be able to maintain the level of vigilance that tooling can offer."
carmen.reichman@ft.com
