NEW YORK -- While information security incidents continue to grab the attention of business executives, ownership of the underlying problems is still perceived to rest with information technology departments, according to Deloitte Touche Tohmatsus 2007 Global Security Survey.
In a survey that included many of the top 100 global financial services organizations, less than two-thirds of respondents (63 percent) have an information security strategy and only 10 percent have their information security led by business line leaders. These findings support an emerging security paradox: the gap between awareness of the problem and support for the solution; a key challenge lies in the development and integration of a security strategy across the business. But progress can be found, as 26 percent of respondents have recognized the need for a security strategy as an initiative this year.
The survey also revealed that the greatest root cause of external breaches continues to be the human factor: an organizations employees, customers, third parties and business partners.
Due to the increased number of high-profile losses or theft of customer data, data protection has been the subject of intense attention over the past 18 months, said Mark Steinhoff, a principal with Deloitte & Touche LLP and leader of the firms financial services industrys security & privacy services practice.