Average Bank Employee Has Access to 11 Million Confidential Files
Analysts at Varonis examined 4 billion files across 56 financial organizations worldwide—including banks, insurance companies, and investment firms—using a random sample from Data Risk Assessment cyber risk audits. The study found that, on average, an employee at a financial organization has access to 13% of all company data. This means that even employees at smaller organizations have unrestricted ability to view, copy, move, modify, and delete data for more than half a million files—including nearly 20% of all files containing confidential information about employees and clients.
As company size increases, the number of files accessible to all employees doubles. In the largest financial organizations, more than 20 million files are available to any staff member.
Key Findings from the Report
- On average, financial institutions have about 20,000 folders open to all employees.
- IT specialists need about 6–8 hours per folder to manually find and remove global access, meaning it would take over 15 years to fix access levels by hand.
- Financial organizations take about 233 days (roughly eight months), the industry average, to detect and prevent data leaks. This is enough time for significant damage to reputation, revenue, and customer trust.
- More than 64% of financial service companies have over 1,000 confidential files open to every employee.
- About 70% of all confidential data is outdated (stored beyond the required retention period).
Password and Account Security Issues
Varonis analysts also highlighted serious password problems in financial organizations:
- 60% of companies have more than 500 passwords that never expire.
- Nearly 40% have over 10,000 “ghost” user accounts (inactive or unused accounts).
The presence of these accounts, along with privileged users with non-expiring passwords, gives hackers opportunities to steal data or disrupt company operations undetected.
Expert Commentary
“Financial organizations, despite their security measures, are vulnerable to attacks largely because of the value of their clients’ confidential data. The average cost of a single data breach is estimated at $5.85 million. In 2020, financial institutions had the shortest average time to detect and respond to incidents, but remote work can significantly increase this time. The longer it takes to respond to incidents, the higher the cost of breaches. That’s why full transparency of network environments and security automation are crucial. As financial services move to remote work via Office 365, having professional tools to strengthen control and manage increased risk becomes a top priority,” said Daniel Gutman, head of Varonis in Russia.