Survey: Network attacks double at financial firms

While hackers have stepped up attacks on global financial institutions and security budgets remain flat, many companies seem to be taking security more seriously.

Admitted attacks on computer networks at global financial institutions more than doubled in the last year, resulting in more monetary losses. Yet a quarter of those companies say they're not spending more on new security systems.

Those are the findings in the 36-page 2004 global security survey by New York-based Deloitte Touche.

IT executives from 100 companies were interviewed for the report, and 83% acknowledged their systems have been compromised in the past year, compared to only 39% in 2002. Of those surveyed, 40% said attacks against their networks resulted in financial loss. Despite that, 25% reported flat security budget growth.

"Financial institutions, particularly security officers, are facing greater challenges than ever," said Adel Melek, partner and global leader of Deloitte's IT Risk Management & Security Services/Global Financial Services Industry. "They are fighting an ongoing battle to overcome evolving security threats and to comply with an increasingly stringent regulatory environment but, at the same time, resources have stagnated."

The survey also found companies are sliding backwards when it comes to their use of security technology. While more than 70% of respondents perceived viruses and worms as the greatest threat to their systems in the next year, those who said they've fully deployed antivirus measures dropped from 96% in 2003 to 87%.

Other key findings of the survey showed:

  • While the majority of respondents (59%) indicated security is a key priority, only 10% reported that their general management perceives security as a business enabler.
  • While 91% of respondents indicated they have a comprehensive IT disaster recovery plan in place, only 51% took into account personnel within their business continuity plans.
  • One third (32%) of respondents felt security technologies acquired by their organizations were not being used effectively.
  • Only one quarter (26%) of respondents felt their strategic and security technology initiatives were well aligned.
  • Identity management and vulnerability management are the two most common technologies financial services are piloting or intend to deploy over the coming 18 months.
  • It's not that companies aren't investing enough, it's that they're investing more wisely
    Ted DeZabala
    managing partnerDeloitte's security services group

    The survey did show some positive trends.

    Among them, financial institutions showed improvement in complying with regulations, as two-thirds (67%) of respondents indicated they have a program for managing privacy compared to 56% last year. In addition, 69% felt that senior management is committed to security projects needed to address regulatory requirements.

    Ted DeZabala, managing partner of Deloitte's security services group, said the survey shows that while firms aren't necessarily spending more to protect their networks, they're taking security more seriously and getting better at managing it.

    "It's not that companies aren't investing enough, it's that they're investing more wisely," DeZabala said. "We really believe security is a management issue more than a technological issue. Some of the more effective solutions are things like identity management. That's an issue raised by regulators as well. Effective management can mitigate risk." The survey shows companies are subscribing to that point of view, he said.

Dig deeper on Emerging Information Security Threats

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close