One data breach may be all it takes to lose a client forever

Survey reveals that most Canadians are unforgiving when it comes to their personal and financial information

One data breach may be all it takes to lose a client forever
Steve Randall

Handling client relationships is increasingly moving to a digital future but financial advisors and institutions have only one chance to manage data safely.

That’s according to a new report from KPMG which reveals that 90% of Canadians – already cautious with their personal and financial information - are “leery” of sharing it with any organization that has suffered a data breach or cyberattack.

Most (84%) would consider taking their business elsewhere after a breach, making high-risk stakes for organizations.

With more than half of respondents reporting increased use of online shopping since the start of the pandemic, but they also say that they have received ‘phishing’ emails (sent to mass recipients) and ‘spear phishing’ emails (targeted at individuals) in recent months.

"Cyber criminals are ruthless. They're after your identity, login credentials, money, and sensitive information," said Hartaj Nijjar, KPMG partner and national leader of Cyber Security Services. "With cyberattacks becoming increasingly more sophisticated, organizations must do their part by improving their cyber resilience and continuing to promote #GetCyberSafe awareness and education."

Most at risk
A quarter of Canadians have had their login credentials stolen from a trusted site that was hacked; this rises to 34% for those aged 18 to 34.

Men were slightly more likely to have their credentials stolen than women (28% vs. 22%) as are those in Ontario and British Columbia.

Most respondents said they are being more careful with their personal and financial information but 38% are not confident their personal information can be kept safe, with 17% saying they are "pretty cynical" about the ability of companies or governments to protect their data.

A recent survey found that many Canadians would not spot all the potential signs of fraudsters trying to steal their identity.

How to keep clients’ data safe
KPMG says there are five key elements to protecting clients’ data:

  1. Apply a business lens to cybersecurity by working with management to help them better understand the implications of a breach to bolster support for cyber initiatives, such as employee training and education, funding, and resources.
  2. Establish governance and accountability through an organizational cybersecurity function tasked with reducing risk and increasing resilience.  
  3. Identify your 'crown jewels' and classify them based on their criticality to ensure the appropriate level of resources to guard against, and respond to, a cyber incident.
  4. Educate and raise employee awareness by training employees to stay vigilant for cyberattacks and learn good cyber hygiene.
  5. Build resilience by developing incident response and business continuity plans and testing them. Planning helps prepare leadership and the organization to better organize, mobilize, and respond to a breach when it does happen.