Tanium Study: Over 90 percent of Financial Services Organisations Surveyed Still Have Major Gaps in IT, Despite Tens of Millions Spent on Compliance

Tanium, provider of unified endpoint management and security built for the world’s most demanding IT environments, today unveiled new research showing misalignment between data privacy regulation spending and business outcomes in the financial sector. Specifically, as businesses spend tens of millions on compliance, over 90 percent still have fundamental IT weaknesses that leave them vulnerable and potentially non-compliant.  

The global study of 750 IT decision makers, including 89 respondents in FS firms, revealed that financial services organisations have spent on average £79 million each to comply with the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other data privacy regulations over the past 12 months alone. A majority of organisations have also hired new talent (81 percent), invested in workforce training (83 percent) and introduced new software or services (77 percent) to ensure continued compliance.  

However, despite this increased investment, financial services organisations still feel unprepared to deal with the evolving regulatory landscape, with a third (30 percent) claiming that a lack of resources (people, money, processes), is the biggest barrier to maintaining compliance with GDPR.   

What’s causing visibility gaps? 

The majority (91 percent) of respondents acknowledge fundamental weak points within their organisations that are preventing a comprehensive view of their IT ecosystems.  

These visibility gaps are being exacerbated by a lack of unity between IT, operations and security teams (37 percent), legacy systems which don’t give them accurate information (36 percent), and too many tools used across their business (30 percent).   

The research also found that financial services firms have implemented an average of 49 separate security and operations tools to manage their IT environments. Such sprawl likely further limits the effectiveness of already-siloed teams and creates unnecessary complexity.      

Chris Hodson, Chief Information Security Officer at Tanium said, “While it’s encouraging to see global businesses investing to stay on the right side of data privacy regulations, our research suggests that their good work could be undermined by inattention to basic IT principles. Many organisations seem to have fallen into the trap of thinking that spending a considerable amount of money on GDPR and CCPA is enough to ensure compliance. Yet without true visibility and control of their IT assets, they’re leaving a backdoor open to malicious actors.” 

“Technology leaders need to focus on the fundamentals of unified endpoint security and management to drive rapid incident response and improved decision making. The first step must be gaining real-time visibility of these endpoints, which is a crucial prerequisite to improved IT hygiene, effective risk management, and regulatory compliance.”  

Methodology   

Tanium commissioned independent market research specialist Vanson Bourne to conduct the research upon which this report is based. A total of 750 IT decision makers, including CIOs and CISOs – 100 of which are based in the UK – were surveyed in September/October 2019 across the United States, United Kingdom, Australia, France, Germany, The Netherlands, Japan and Canada. The respondents were from organizations with at least 1,000 employees internationally and could be from any sector.