|
Practitioners from Deloitte's Global
Financial Services Industry practice
conducted face-to-face interviews with
senior information technology executives
of the top 100 global financial services
organisations. Questions related
to governance, investment, value, risk,
responsiveness, use of security technologies,
quality of operations, and privacy.
The survey results, published in May
2004, provide a global benchmark
for
the state of security in the financial
sector.
The survey reported that the majority
of global financial institutions have
had an external attack on their information
technology systems within the last year
and many of these breaches resulted
in financial loss. But even with security
attacks on the rise, the largest number
of respondents (25%) reported flat security
budget growth.
83% of respondents acknowledged that
their systems had been compromised in
the past year, compared to only 39%
in 2002. Of this group, 40% stated that
the breaches had resulted in financial
loss to their organization.
"Financial institutions, particularly
security officers, are facing greater
challenges than ever," says Adel Melek,
global leader of Deloitte's IT Risk
Management & Security Services,
Global Financial Services Industry.
"They are fighting an on-going battle
to overcome evolving security threats
and to comply with an increasingly stringent
regulatory environment but, at the same
time, resources have stagnated."
The survey also found that companies
are sliding backwards when it comes
to the use of security technologies.
While more than 70% of respondents perceived
viruses and worms as the greatest threat
to their systems in the next 12 months,
only 87% of respondents had fully deployed
anti-virus measures. This result is
down from 96% in 2003.
On the upside, the survey revealed some
significant advancements and trends
in the right direction. Financial institutions
showed improvement in complying with
regulations, as two-thirds (67%) of
respondents indicated they have a program
for managing privacy (compared to 56%
last year). In addition, the majority
(69%) felt that senior management is
committed to those security projects
essential to addressing regulatory requirements.
"Today's IT professionals are under
pressure to balance the fine-line between
openness and exposure while meeting
stakeholder demands," says Melek. "They
are hard-pressed to facilitate growth
and profitably, while managing the costs
required to maintain sufficient security
levels," says Melek.
Other key findings of the survey:
. While the majority
of respondents (59%) indicated security
is a key
part of their solution,
only 10% of respondents reported that
their
general
management perceives security as a business
enabler.
. While 91% of respondents
indicated they have a comprehensive
IT
disaster
recovery plan in place, only half (51%)
of respondents took
into
account personnel within their business
continuity plans.
. One third (32%)
of respondents felt that security technologies
acquired
by their organizations were not being
utilized effectively.
. Only one quarter
(26%) of respondents felt that their
strategic and
security
technology initiatives were well aligned.
. Identity management
and vulnerability management are the
two
most
common technologies that financial services
are piloting or
intend to
deploy over the coming 18 months.
Source: Deloitte Touche
Tohmatsu www.deloitte.com
|
