There have been a considerable number of recent well-publicized cyber attacks on major client companies including Citigroup, Sony, Nasdaq and Google. As a result, clients are increasingly concerned with the security of their data and their customer’s data.
In 2011, the 4A’s conducted a survey among the members of the association’s finance committees. Eighty-eight percent of the agencies reported that they had been approached by their clients with questions or concerns about the security of their data and their customer’s data. Almost all of the agencies (94%) had been asked by their clients for their data security policies and procedures. Clients had conducted data security audits in 35% of the respondents.
The 4A’s urges members to develop data security policies and implement data security controls.
Given the breath of confidential and sensitive data that is contained in agency information systems, the 4A’s recommends that agencies develop robust data security controls and policies.
The 4A’s has issued a bulletin on Client Data Security that discusses the background on data security issues, the difference between data security and disaster recovery, and offers illustrative samples of data security policies obtained from 4A’s members.