WPA has accused financial service companies of relying on "wings and prayers" to provide security for their clients' data.
The private medical insurance provider has become the first UK insurer to be accredited for Information Security and believes others need to follow its lead.
It is also one of the country's first financial services companies to be awarded the British and International Standard for Information Security (BSI ISO/IEC 27001:2005), considered the benchmark for protecting sensitive and valuable information.
Charlie MacEwan, Corporate Communications Director at WPA, noted that over recent years, concerns about how companies handle sensitive medical and financial information have increased exponentially.
"With more breaches being more widely reported, and some eye-watering fines, this makes it something that companies cannot afford to get wrong," says MacEwan.
He also raised concerns about measuring how much, beyond lip service, is really being done to prevent data loss.
Julian Stainton, chief executive of WPA, adds, "BS:ISO 27001 is a critical milestone for organisations involved in Financial Services, too many of whom rely on wings and prayers to protect their customers' intimate information."
In recent years, the Government and many large companies have failed to protect their information and data assets.
Most recently, HSBC was fined £3m for failing to protect its customers' data, while in 2007, both Nationwide Building Society and Aviva (then Norwich Union) were fined £980,000 and £1.26m respectively.
HM Revenue and Customs also fell victim to a data security lapse in 2007, losing CDs containing the personal details of 25 million people.