11:27 AM
Deena M. Amato-McCoy
Deena M. Amato-McCoy
Connect Directly


Physical vaults are no longer enough to protect bank customers' assets.

Top-Level Security Efforts Lacking

Although executives are well aware of the risks surrounding the security of their internal information, companies around the globe still fail to safeguard themselves from potential threats. Worse, these companies are not expressing the severity of potential threats to their employees, according to a 2004 Ernst & Young (New York) Global Information Security Survey. The report focuses on responses from more than 1,230 organizations - 15 percent from the banking industry - across 51 countries.

Furthermore, the study reveals that while companies are focused on external threats, they underemphasize internal threats. These risks become more severe as companies pursue outsourcing and other external partnerships that cannot be controlled easily within their four walls, the report says. However, few companies are aware of where threats exist within the enterprise.

Close to 70 percent of respondents' board of directors failed to receive a quarterly report about the organization's information security status, the study says. And, a mere 28 percent of participants reported that raising employee information security training or awareness was a top initiative in 2004.

"Fewer than one-third of companies conduct a regular assessment of compliance of their IT providers against internal security policies," said Edwin Bennett, global director of Ernst & Young's technology and risk services, in a statement. "They are simply relying on trust."

Companies must instill a security-conscious culture, the report recommends. However, success depends on support from top-level executives. Management buy-in is a prerequisite to changing the way organizations approach information security. Still, only 20 percent of surveyed companies currently view information security as a CEO-level priority (see chart at left), according to the study.

"More should and could be done to transform the skills and awareness of their people, who often present the greatest opportunities for vulnerability," Bennett added. "By converting them, companies will gain their strongest layer of defense."

4 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.