Over the years, security and data breaches have had a negative impact on financial services organizations. Cyber attacks account for around $18.3 million annually per company. Verizon recently released a report that found only one in five organizations in America were fully compliant with the basic security requirements of the Payment Card Industry Data Security Standard (PCI DSS). Also in that report, fewer than 40% of the financial organizations examined were fully compliant. Trying to beef up security while remaining compliant with new laws and regulations is no doubt a daunting task.

There is a tremendous number of regulations with which financial organizations must comply. A recent article on regulatory concerns noted that there are 750 global financial regulatory bodies, each with its own rules. In Europe, financial organizations had to quickly deal with the General Data Protection Regulation (GDPR). Then two more regulations came along: the Strong Customer Authentication (SCA) and the revised Payment Services Directive (PSD2). The GDPR also set in motion a major push to globally strengthen data privacy and security protection for consumers.

In the US, states such as New York, California, Massachusetts, Washington, Hawaii, and many others have introduced their own data privacy and protection legislation. There was a concern that there could be 50 versions of a consumer privacy act, each with its own rules and regulations. Due to this concern, Congress introduced the Consumer Online Privacy Rights bill to the Senate just before Thanksgiving last year; it has yet to be passed. With all these rules and regulations, and more being introduced, it's no wonder financial organizations are facing compliance fatigue, which exposes them to risk.


