The current economic crisis combined with tighter budgets is elevating concerns over internal security breaches at the world's largest financial institutions, a report released this week by Deloitte Touche Tohmatsu warns.
The consulting firm said financial institutions are particularly at risk as they look to cut costs and expose themselves to lower employee morale.
"As the current crisis continues to deepen, financial institutions may look to save money by cutting IT budgets and reducing spending on security infrastructure," said Mark Steinhoff, the leader of Deloitte's financial services security and privacy group and a contributor to the report.
The survey was based on interviews with senior security officers at the world's top financial institutions in 32 countries. Deloitte noted that a rash of recent security breaches which have exposed credit and debit card information has heightened the public's concern.
"Consumer trust is already waning. As such, it is important for financial institutions to be vigilant in protecting their data and implementing checks and balances to reduce the risk and potentially catastrophic consequences of security failures," Steinhoff added. "With the many challenges confronting the industry this year, combating security breaches should not fall by the wayside."
Among the survey's major findings:
While 60 percent of respondents confirm that their information security budgets increased in 2008 (mostly in the range of 1 to 5 percent), Steinhoff expects 2009 budgets to be down given cost containment efforts. More than half of respondents (56 percent) say that budgetary constraints and/or lack of resources are the leading barriers to ensuring information security, while lack of resources is identified by a third as the leading cause of failure of information security projects.
Security attacks that exploit human error and breaches caused by distracted or disgruntled employees may be the root cause of information security failures in coming months.
The majority of respondents (86 percent) confirm that human error is the leading cause of information systems failure. This finding recognizes that, while people are an organization's greatest asset, they are also its weakest link, particularly in hard economic times when job insecurity and increased stress levels may lead employees to behave in atypical ways.
While both internal and external security breaches at financial institutions worldwide have fallen over the past 12 months, employee misconduct is a growing concern for these organizations. More than a third (36 percent) of respondents expressed concern about insiders' misconduct, compared to only 13 percent who are concerned about external threats. Furthermore, six in 10 (58 percent) of survey participants are concerned about their ability to protect their organization from internal cyber-attacks.
The challenge for IT security has always been innovation," said Steinhoff, "both in updating the core IT system for the next must-have electronic device and defending against the sophistication of criminals targeting financial institutions. While changes in new regulations might demand new investments, how you keep your infrastructure and technologies safe is something all institutions should be focused on in 2009. This will be a challenging year, no matter how you slice it."
Comments (1)
1. 02-06-2009 10:41
We are already seeing anger manifest itself as sabotage at places like Fannie Mae (see http://finance.yahoo.com/news/Feds-allege-plot-to-destroy-apf-14208185.html) and with positions being slashed beyond minimal staffing levels I foresee human error increasing as people work longer hours.
This problem should be one of the highest priorities on the Technology Leaders issue list as employee anger is growing and as we exit this recession and employees leave for other companies, (history shows high churn rates after recessions end) they won't be inclined to leave behind the address books and customer databases they have worked on.
Registered
Only registered users can write comments. Please login or register.