Financial firms failing to manage IT security - Deloitte

Eighty-three percent of respondents to Deloitte's '2004 Global Security Survey' acknowledged that their systems had been compromised in the past year, compared to only 39% in 2002. Of this group, 40% stated that the breaches had resulted in financial loss to their organisation.

But even with security attacks on the rise, the largest number of respondents (25%) reported flat security budget growth.

"Financial institutions, particularly security officers, are facing greater challenges than ever," says Adel Melek, global leader of Deloitte's IT risk management & security services, global financial services industry. "They are fighting an on-going battle to overcome evolving security threats and to comply with an increasingly stringent regulatory environment but, at the same time, resources have stagnated."

The survey also found that companies are sliding backwards when it comes to the use of security technologies. While more than 70% of respondents perceived viruses and worms as the greatest threat to their systems in the next 12 months, only 87% of respondents had fully deployed anti-virus measures, down from 96% in 2003.

One third of respondents felt that security technologies acquired by their organisations were not being utilised effectively, while only one quarter believed that their strategic and security technology initiatives were well aligned.

On the upside, the survey revealed some advancements and trends in the right direction. Financial institutions showed improvement in complying with regulations, as two-thirds (67%) of respondents indicated they have a programme for managing privacy (compared to 56% last year). In addition, the majority (69%) felt that senior management is committed to security projects needed to address regulatory requirements.

Looking ahead, identity management and vulnerability management are the two most common technologies that financial services are piloting or intend to deploy over the coming 18 months.