Finance firms report higher number of security breaches


26 Jun 2006

There has been a massive increase in the number of external and internal security attacks reported by some of the world’s largest financial institutions, according to a new survey from Deloitte.

The 2006 Global Security Survey released this morning by Deloitte found that 78pc of organisations had a security breach from outside parties, up from 26pc in 2005, and 49pc experienced at least one internal breach, up from 35pc last year. The survey was compiled from interviews with senior security officers from the world’s top 100 global financial institutions.

More than half (51pc) of the reported external attacks were attributed to phishing and pharming, followed closely by spyware or malware use (48pc). Insider fraud accounted for 28pc and leakage of customer data was cited by 18pc of respondents.

Almost all of the organisations surveyed (95pc) said they were allocating more money to information security than in the past year, with logical access control products at the top of the shopping list, according to 76pc of respondents.

Many organisations have been putting a figure on the financial implications of a security breach. Almost three quarters (72pc) of financial institutions that experienced one estimated the amount of damage for the organisation, including direct and indirect costs, to be in the range of US$1m.

The sector is taking steps to fend off the threats, Deloitte found. Among the leading security initiatives uncovered by the survey were fighting identity theft and account fraud (58pc), along with disaster recovery and business continuity planning (49pc) and identity management (41pc).

Security awareness and training were much lower in priority for this year compared with the previous survey. Although 96pc of respondents were concerned about employee misconduct involving IT systems, only 34pc provided their staff with some form of information security and privacy training over the past year.

The Europe, Middle East and Africa region was ranked as best in class when it comes to the appointment of a chief information security officer, with 91pc of financial institutions having one in place, the highest percentage of any region.

Colm McDonnell, a director in Deloitte’s Enterprise Risk Services Department, claimed that the report is a reminder to local and international financial services companies based in this country. “In Ireland, in particular, we are consistently seeing the increased professionalism and organisation of hackers. It is paramount that financial institutions prepare for these threats just as professionally.”

By Gordon Smith