Many financial institutions are being more proactive than ever before in handling their information security but are finding their efforts restricted by costs and challenged by the increasing sophistication of cyber fraud threats, a new global security survey by Deloitte finds. The firm's 2012 DTTL Global Financial Services Industry Security Study surveyed more than 250 financial organizations - more than 60 percent of them banks - to learn more about what they perceive as their chief security risks and challenges, and what resources they are bringing to bear on those challenges.
The report said that, consistent with previous years, a lack of sufficient budget resources and the increasing sophistication of threats are the institutions' biggest barriers to a more effective information security operation. However, most of the institutions (nearly two-thirds) felt that their information security and business were engaged with each other, and almost half of the respondents said they have strong coordination with enterprise risk management. The most popular security initiatives for this year among those organizations surveyed were information security governance, identity and access management and information security strategy.
The top risks cited by respondents were financial fraud involving information systems, employee errors and breaches of information. Surveyed organizations within the United States also stood out in that more than half of them said that security breaches involving third-party partners are a high threat - a much higher rate than in other countries. The U.S. also had the highest number of respondents, 28 percent, who perceived social media as a potential threat.
Within the banking sector specifically, the report noted that many security enhancements are being driven by increasing regulations. Banking respondents said that their most common audit findings were excessive access rights, security policies and standards that have not been operationalized, and lack of sufficient segregation of duties. More than 70 percent of the banking respondents said that they dedicate one to three percent of their IT budget to information security, but lack of sufficient funds and resources was still cited as the most common challenge to building their information security programs. Nearly 25 percent of the banking organizations surveyed said they experienced a security breach in the last 12 months.