Survey Shows Online Security Breaches Have Doubled In The Financial Sector - InformationWeek


Survey Shows Online Security Breaches Have Doubled In The Financial Sector

A Deloitte & Touche study shows 83% of financial-services companies acknowledge an outside break-in, up from 39% the previous year.

Security attacks at major financial institutions more than doubled over a year ago, according to a survey of leading global banks, securities firms, and insurance companies.

The survey, released Thursday, is the second conducted by consulting firm Deloitte & Touche LLP. It showed that an amazing 83% of financial-services firms acknowledged that their IT systems had been compromised by attacks from the outside in the past year. In 2003, only 39% of the companies surveyed admitted to a breach.

In addition, 40% of the companies polled--which included a quarter of the world's top 100 banks, about a third of the top 100 financial-services firms, and 10% of the 100 largest insurance companies--said they had suffered financial losses due to the attacks.

"Security threats such as viruses, worms, malicious code, sabotage, and identity theft are real and have already cost millions of dollars in lost revenues to institutions globally," said Ted DeZabala, Deloitte's national managing partner for security services.

The dramatic increase in acknowledged attacks, said DeZabala, was due to a combination of factors. "There's definitely a lot more activity in terms of worms and viruses," he said. "And there's a lot more visibility into what's going on in security. What went undetected last year, or wasn't communicated up the chain of command, may have been spotted this year."

The acknowledgement of losses surprised DeZabala, who said that in the past, companies have been tight-lipped about the issue. "Security is one of those things that you really pay attention to when you lose money," he said, and theorized that firms are owning up to the problem to demonstrate how seriously they're now taking security.

But while the survey noted that attacks have doubled, it also spotted a substantial number of firms running contrary to the general rule of increased security spending. More than a quarter of the institutions said that their security budgets stayed flat over the past year, and nearly ten percent actually had their funds cut.

However, U.S.-based companies generally spend more than those in other countries, take security more seriously, and suffer fewer breaches. The reason: partly an overall heightened interest in security since 9-11, partly more stringent regulations related to security in legislation such as Sarbanes-Oxley.

Sixty-four percent of the U.S. companies polled, for instance, boosted their security budgets, the highest percentage of the five geographic areas Deloitte surveyed. And only a quarter of the financial institutions in the United States acknowledged a compromise of their IT systems, the lowest percentage reported.

But problems remain, even in the United States, and the financial industry has a long way to go to lock down its IT. While banks generally lead the way in security, insurance companies are way behind.

As an example, DeZabala cited the high hopes firms once had for patch management.

"They thought that patch management was a solution which would deal with the increasing number of worms and viruses," said DeZabala. But that was overly optimistic. "It turned out that patch management was much more difficult than first believed, and now it seems that it won't solve the problem at all. Worms and viruses are coming out too fast for any patch management solution to be effective. They just don't work if worms are coming out in a matter of hours or even minutes after a vulnerability is made public."

One solution that financial firms are eager to implement is identity management, a technology that was among the top two to be deployed in the next 18 months.

"Identity management could solve a lot of control issue problems," said DeZabala, "and is something that financial institutions are picking up the pace."

Security in general, and identity management in particular, are increasingly important to financial firms as they boost their offshore outsourcing to countries such as India, said DeZabala. "Outsourcing complicates security. When institutions first contract with offshore firms, it may be only 50 or 100 people with direct access to the company's data," he said. "But if that offshore firm is purchased by another organization--which is happening in India, for example--all of a sudden, it's 30,000 people who have access. That's a big risk."

Another risk that wasn't specifically targeted by the survey--the rapid jump in phishing attacks--is also a major concern for banks, brokers, and other institutions that provide accounts and credit cards to customers. In his conversations with the companies polled, DeZabala heard that phishing is a "very large issue for most big financial service institutions. But it's a very, very difficult problem to solve, and one that doesn't lend itself to a systemic solution."
