| Huge increase seen in successful information security attacks
Deloitte's 2004 Global Security Survey revealed that 83 percent of survey respondents acknowledged that their systems had been compromised in the past year, compared to 39 percent in 2003. Moreover, 40 percent of respondents whose systems were attacked said they sustained financial losses. The survey, which provides insight into the state of security in the financial services industry, consisted of interviews with senior security officers from 100 of the top global financial institutions. "Financial institutions are fighting an on-going battle to combat and mitigate ever-increasing security threats and attacks, and privacy violations, as well as comply with the increasingly stringent regulatory environment," said Ted DeZabala, a principal and national leader of Security Services for Deloitte & Touche LLP. "These institutions are under increased pressure to deliver a secure environment while also providing greater consumer access. There is a very fine balance between meeting such demands while maintaining the level of security needed to prevent and manage attacks," DeZabala added. Despite the reported doubling of security attacks, more than a quarter of financial institutions said their security budgets remained flat, while nearly 10 percent had their budgets slashed from the previous year. Respondents reported that they perceived their spending on security to be in line with other comparable organizations and in line with their own security plans. The survey also showed declining use of security technologies. With more than 70 percent of respondents stating they believed viruses and worms to be the greatest threat to their systems within the next year, a total of 87 percent of respondents said they have fully deployed anti-virus measures. This result is down from a response rate of 96 percent from last year's survey. There is, however, encouraging news. Financial institutions responding showed improved regulatory compliance efforts, with two-thirds indicating they now have a program for managing privacy, compared to 56 percent of respondents in 2003. In addition, nearly seven of 10 felt that senior management is committed to security projects needed to address regulatory requirements. "Security threats such as viruses, worms, malicious code, sabotage and identity theft are real and have already cost millions of dollars in lost revenues to institutions globally," said DeZabala. "This is our second year conducting this survey, and we plan to continue doing this annually to help the financial services industry, as well as others that may benefit, better understand the increasing complex environment of security threats and possible counter measures available." Additional key findings of the survey: * The majority of respondents indicated they have a comprehensive IT disaster recovery plan in place, but only half included personnel within their business continuity plans. * One-third of respondents stated they believe that security technologies acquired by their organisations are not being utilised effectively. * Only one quarter of respondents felt that their strategic and security technology initiatives were well aligned. * Identity management and vulnerability management were the two most common technologies that financial services are piloting or intend to deploy over the coming 18 months, according to the survey.
•Date:
28th May 2004 •Region: N.America/World •Type:
Article •Topic: ISM |
