Tighter budgets, a greater concern over internal security breaches due to lower employee morale and complacency after a decrease in overall attacks over the past year are exposing global financial institutions to an increased risk of data breaches, says consultancy Deloitte Touche.
The warning follows a Deloitte survey of senior security officers in 32 countries. More than half of respondents (56%) say that budgetary constraints and/or lack of resources are the leading barriers to ensuring information security, while lack of resources is identified by a third as the leading cause of failure of information security projects.
"As the current crisis continues to deepen, financial institutions may look to save money by cutting IT budgets and reducing spending on security infrastructure," says Mark Steinhoff, the leader of Deloitte's financial services security and privacy group and a contributor to the report. "With the many challenges confronting the industry this year, combating security breaches should not fall by the wayside."
He suggests that security attacks that exploit human error and breaches caused by distracted or disgruntled employees may be the root cause of information security failures in coming months. The majority of respondents (86%) confirm that human error is the leading cause of information systems failure.
While both internal and external security breaches at financial institutions worldwide have fallen over the past 12 months, employee misconduct is a growing concern.
More than a third (36%) of respondents expressed concern about insiders' misconduct, compared to only 13% who are concerned about external threats. Furthermore, six in 10 (58%) of survey participants are concerned about their ability to protect their organisation from internal cyber-attacks.
Phishing and pharming rank as the leading type of external breach experienced by respondents (22%), while the growing popularity of social networks and the proliferation of mobile media such as USB keys, MP3 players and PDAs are causing an extra load on internal and external security.
Interestingly, more than half of financial institutions surveyed now restrict the use of social networks and instant messaging (53% and 58%, respectively).