Spending by financial services firms on data security systems is skyrocketing as the companies scramble to protect themselves from cyberspace intruders.

A new study, conducted by Yankee Group of Boston and Infosecurity News magazine, found that spending on computer-security products at 412 large and midsize companies rose an average of 25% from 1994 to 1995. This year, data security spending is expected to rise by 15%. The growth far outpaces increases in overall corporate technology spending, the survey found.

Among the hundred or so financial companies participating in the survey, spending was even greater.

Information security expenditures at banks, investment companies, and insurance firms rose 29% from 1994 to 1995, and is expected to grow 16% this year, said Steve Franko, a senior analyst with Yankee Group.

Driving this growth are fears of the risks posed by doing business on the Internet, as well as concerns about whether remote access, such as home banking, could lead to systems breaches, the survey found.

"I think people are starting to become much more aware of what the potential security risks are, but they still don't have all the tools they need to implement effective security solutions on an enterprisewide basis," Mr. Franko said.

Despite the fears of the Internet, the survey found that the number of security breaches springing from use of the sprawling network have been few.

Only 9% of financial industry respondents said their most significant security "breach" within the last 12 months came from outside the organization. In a breach, restricted computer files are accessed or destroyed by unauthorized system users.

About 50% of the companies reported security breaches involving employees in the past year.

"The Internet itself does not bring a whole lot security exposures with it, it just magnifies the ones you already had," said Ken Cutler, director of information security for MIS Training Institute, Framingham, Mass.

The financial services firms surveyed expressed interest in using the Internet for transaction processing, but had little confidence that current security measures for safeguarding electronic commerce were up to snuff.

"Our biggest concern is that we have more distributed systems than ever before, and we're still playing catch-up with the (security) tools," said Pat Gilmore, vice president of the Information Systems Security Association and director of applications risk management at Charles Schwab & Co.

Ms. Gilmore added that the financial industry is still waiting for the final adoption of technical standards for securing electronic mail and payments over the Internet.

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.