Data protection failure continues to make the headlines as the UK’s Financial Services Authority (FSA) fined the insurer Norwich Union £1.26 million for failing to protect confidential customer data from fraudsters. Slack call centre security allowed fraudsters to request the surrender of 74 customers’ policies, totalling £3.3 million, in 2006.
In a statement, Mark Hodges, Chief Executive of Norwich Union Life, said, “We have extensive procedures in place to protect our customers, but in this instance weaknesses were exploited and we were the target of organised fraud.”
However, the FSA took the view that the company did not have robust systems and controls in place. “Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure”, said Margaret Cole, Director of Enforcement at the FSA.
The FSA said that its investigation found that Norwich Union Life failed to properly assess the risks posed by financial crime, and, as a result, its customers were more likely to fall victim to identity theft.
It is widely held that the brand damage caused by a security policy breach such as this can be anything up to ten times the regulatory fine.
“Information is the most valuable asset for the individual and for the organisation. A clear picture is now becoming apparent of how, in the years ahead, information will be continually coming under attack from criminals who target information for financial gain and from unintentional disclosures by employees or partners,” said Tara Hutton, Marketing Manager at Metacompliance.
“Without doubt, such high-profile IT security failures reinforce the issue. However, not until senior management in the private and public sectors see this issue as a mission-critical component to their role, will IT security be placed above the status of a piece of housekeeping for the computer department,” said Hutton.