The majority of global financial institutions have had an external attack on their information technology systems within the last year and many of these breaches resulted in financial loss, according to Deloitte’s 2004 Global Security Survey released May 17. But even with security attacks on the rise, the largest number of respondents (some 25 per cent) reported flat security budget growth.
The survey is based on interviews with senior security officers from the world’s top 100 global financial institutions. Deloitte reports that 83 per cent of respondents acknowledged that their systems had been compromised in the past year, compared to only 39 per cent in 2002. Of this group, 40 per cent stated that the breaches had resulted in financial loss to their organization.
The survey also finds that companies are sliding backwards when it comes to the use of security technologies. While more than 70 per cent of respondents perceived viruses and worms as the greatest threat to their systems in the next 12 months, only 87 per cent of respondents had fully deployed anti-virus measures. This result is down from 96 per cent in 2003.
On the upside, financial institutions show improvement in complying with regulations, as two-thirds of respondents indicated they have a program for managing privacy, compared to 56 per cent last year, Deloitte reports. In addition, 69 per cent felt that senior management is committed to security projects needed to address regulatory requirements.
Canada had the highest rate in terms of executive management commitment and funding when it came to security projects needed to address regulatory or legal requirements. Canada also led the world when it came to understanding the link between security and business strategy. Canada was tied for first place in the number of respondents who increased their security staff over the past year.
While a slight majority of respondents (59 per cent) indicated security is a key part of their solution, only one tenth reported that their general management perceives security as a business enabler. “The proliferation of networks coupled with emerging technologies has meant new customer needs, new partnerships and unique business transformation opportunities that consequently expose financial institutions to new risks,” the report notes.
Even though 91 per cent of respondents indicated they have a comprehensive IT disaster recovery plan in place, only half of respondents took into account personnel within their business continuity plans.
About one third of respondents felt that security technologies acquired by their organizations were not being utilized effectively. Only one quarter felt that their strategic and security technology initiatives were well aligned.