Security regulatory compliance and identity and access management were the top two security initiatives in financial services in 2008, just as they were the year before, according to Deloitte Touche Tohmatsu's annual survey of security issues and practices in the financial services industry. Also bubbling to the top of the list in 2008 was "data protection and information leakage."
Budget woes are emblematic of the times, and more than 50 percent of respondents said not enough money or resources was the biggest barrier to ensuring information security last year. Only about 38 percent of respondents said the increasing sophistication of threats was a major barrier to ensuring security, down 10 percent from 2007.
For all the attention paid to security in financial services, just over 60 percent of survey respondents say their company has a security strategy, though another 21 percent say they have one in draft form. Deloitte asked institutions if they were victim of a security event(s), and found that 22 percent reported a breach related to employee misconduct, and 11 percent experienced more than one occurrence of external financial fraud involving financial systems.
But anecdotes from around the industry indicate fraud and breaches are rising dramatically, look for next year's survey to reflect a rise in both internal and external attacks. "If there was ever an environment to facilitate an organization's people being distracted, nervous, fearful or disgruntled, this is it," says Adel Melek, global leader of security and privacy services in Deloitte's financial services practice.