
Deloitte Says Financial Crisis May Lead to Security Crisis for Banks

Problems with liquidity and customer retention aren't the only challenges that banks will face in 2009. A report from Deloitte Touche Tohmatsu, "Protecting What Matters: 6th Annual Global Security Survey," says that the pressures brought on by the financial crisis are actually increasing banks' vulnerabilities to data breaches.

According to the firm, tighter budgets, greater concern over internal security breaches due to lower employee morale, and complacency after a decrease in overall attacks over the past year may expose global financial institutions to an increased risk of data breaches in 2009.

Security breaches should not take a back seat as banks face the challenges of the coming year, said Mark Steinhoff, leader of Deloitte's financial services security and privacy group and a contributor to the report, in a release. "As the current crisis continues to deepen, financial institutions may look to save money by cutting IT budgets and reducing spending on security infrastructure," he explained. "Consumer trust is already waning. As such, it is important for financial institutions to be vigilant in protecting their data and implementing checks and balances to reduce the risk."

The global security study is designed to help FIs see how their information security practices compare with their counterparts. Participants consisted of a mix of top 100 global financial institutions, top 100 global banks and top 50 insurance companies from 32 countries.

Key findings in the study include:

A decrease in security budgets due to cost containment versus 2008, when many firms reported a 1 percent to 5 percent increase.

More than half of respondents (56 percent) say budgetary constraints and/or lack of resources are the leading barriers to ensuring information security.

There was a noticeable decline in the percentage of organizations that reported having a program in place to manage security compliance (77 percent in 2007 versus only 48 percent in 2008). This decline could be due to overconfidence by management that security initiatives are sufficient and don't warrant further investment.

Another of the findings says to expect the majority of breaches in 2009 to be the result of human error or malicious employees. The majority of respondents (86 percent) confirm that human error is the leading cause of information systems failure. People can be a bank's weakest link, especially in such times when job security is questionable and stress is high.

Related to this concern over employee misconduct are findings that, although both internal and external security breaches at financial institutions worldwide fell over the past 12 months, employee misconduct is a growing issue for these organizations. Thirty-six percent of respondents expressed concern about insiders' misconduct, compared to only 13 percent who are concerned about external threats. Furthermore, six in 10 (58 percent) of survey participants are concerned about their ability to protect their organization from internal cyber-attacks.

Other findings include:

Phishing/pharming are a continuous concern and are ranked as the leading type of external breach experienced by respondents (22 percent).

The growing popularity of social networks and the proliferation of mobile media such as remote devices and Web 2.0 applications are causing an extra load on internal and external security. More than half of financial institutions surveyed now restrict the use of social networks and instant messaging (53 percent and 58 percent, respectively).

Respondents' top three information security priorities are security regulatory compliance and, tied for second place, access and identity management, and data protection and information leakage.

The leading drivers for respondents to protect the privacy of their clients are regulatory privacy requirements (79 percent) and reputation and brand concerns (70 percent).

"While changes in new regulations might demand new investments, how you keep your infrastructure and technologies safe is something all institutions should be focused on in 2009. This will be a challenging year, no matter how you slice it," said Steinhoff.
