More than three quarters of financial firms experienced external IT attacks in the past year, while almost half (49%) experienced internal breaches, according to a global survey by consultancy Deloitte.
Deloitte's '2006 Global Security Survey' of the world's top 100 global financial institutions found that 78% of banks experienced a security breach from outside the organisation in the past 12 months, up from 26% in 2005, while 49% had experienced at least one internal security breach, up from 35% in 2005.
Almost three-quarters (72%) of financial institutions that experienced a security breach indicated the estimated amount of damage, including direct and indirect costs, was in the range of $1 million.
The research found that more than half (51%) of external attacks were due to phishing and pharming, followed by spyware/malware (48%). Insider fraud (28%) and theft of customer data (18%) were cited by respondents among the most common internal breaches.
Mike Maddison, director of security and privacy services at Deloitte, says the extent and nature of these security breaches imply that professional hackers and organised crime have taken over a domain once ruled by 'script kiddies' and one-off hackers.
"The types of attack, the execution and exploitation require significant resources and coordination," he says.
However, the research found evidence that the financial sector is taking steps to fend off the increasing threats: this year, fighting identity theft and account fraud (58%), along with identity management (41%), made their way into the top five security initiatives for 2006, says Deloitte.
Furthermore, the vast majority of respondents - 95% - also said their IT security budgets had grown over the past year, with logical access control products topping the list of security budget spending (76% of respondents).
But the research did find that while 96% of respondents were concerned about employee misconduct involving IT systems, only a third (34%) had provided their staff with some form of information security and privacy training over the past year.
Maddison says financial institutions are shifting priorities and starting to take necessary measures to mitigate the various security risks and challenges.
"However, whilst it is only natural to shift focus to the most high profile or new and emerging threats, it is apparent that organisations must continue to maintain a balanced and strategic approach to their security operations and initiatives," he says.