Surge in banks' data breaches bodes well for IT contractors

The number of data breaches at financial firms nearly doubling is coinciding with the IT skills such companies need becoming “extremely hard to come by”.

Figures released this month show that banks and building societies have undergone 791 data security investigations since 2013, representing a 183% rise in the previous two years.

More “alarming” is that 585 of these probes into breaches of the Data Protection Act were in the last 12 months, said software group Egress, which obtained the figures from the ICO.

Lloyds, Barclays, HSBC, RBS, Santander and Natwest were among the most ‘breached’, as each faced “multiple” investigations by the Information Commissioner’s Office (ICO). Human error was overwhelmingly the biggest culprit.

Shown these findings yesterday, information law firm OBEP said IT contractors would clearly continue to have “an important role in assisting financial services clients to reduce data breaches.”

The firm advises that “IT contractors should stay alert to security and privacy issues” within systems they develop or manage, so they can potentially head off flaws or breaches.

“A proactive approach is always preferable to reactive activity,” agrees Phil Beckett of Proven Legal Technologies. “As such, firms must keep a close eye on all [their] platforms.”

If their IT teams don’t, and serious breaches occur, then the ICO has the power to fine outfits, although out of the £7.5m it has so far imposed, financers have been hit for just £455,000.

But Egress points out that this relatively small figure could potentially rise when proposed reforms to the EU General Data Protection Regulation (GDPR) take effect in the coming years.

It said: “With planned reforms to EU GDPR, the financial services industry must take action now or risk falling foul of laws that could see much tougher penalties handed out”.

Olivia Whitcroft at OBEP, which has encouraged firms to explore how the regulation is going to impact them, says contract data workers should take some actions of their own.

“IT contractors should ensure they follow their client's information security and data protection procedures and limit their use of client data to that which is needed for the services they are providing,” she said. “[They] will also want to avoid any direct liability for loss or misuse of personal data.”

But these significant duties are not deterring IT professionals from financial services, where the number of them working on a temporary basis has grown for the past two years in a row.

“The trend [of IT contractors joining financial services] doesn’t appear to show any signs of slowing down,” said a spokesman for umbrella company Giant, which disclosed the increase.  

The spokesman added: “Over a fifth of all IT contractors expect there to be more job opportunities in financial services over the next 12 months, more than any other sector… [and there’s] eight potential sectors to choose from, so this could be seen as quite significant.”

The umbrella company's boss put IT contractors’ rising faith in financial services (to provide them with work) down to the rising tide in the industry of regulation, cyber security and digitisation.

Referring to banks needing to “design and create complex systems,” Giant's Matthew Brown also said: “With these skills extremely hard to come by in the [IT labour] market at the moment, contractors have been highly sought-after”.

In line with his reading, Morgan McKinley yesterday described the outlook for IT professionals as “bright,” especially, it said, in the pay stakes for those serving ‘revenue-generating’ operations.

Although a typical example is a developer working in the front office of a bank, the City recruiter said some top developers were “snubbing” large banks for fintech and start-up companies.

The agency’s director of operations Hakan Enver explained: “One leading tech firm offered a data developer £60,000 in shares to match his £60,000 basic salary with the option to acquire cash or increased shares on an annual basis.”