Nearly 40% of banks have had their IT security breached in the past year, with the majority of attacks coming from external sources, according to a survey conducted by Deloitte & Touche.
Deloitte & Touche's 2003 Global Security Survey examined the security at 80 Fortune 500 financial companies.
In total, 39% of respondents acknowledged that their systems had been compromised in some way within the last year. The responses contradict the common assumption that 80% of cybercrime is caused by insiders:
- 16% report attacks from an external source;
- 10% report attacks from an internal source; and
- 13% report attacks from both sources.
Despite the severe economic downturn, most respondent have increased their IT security budgets in the past year in an effort to deal with the threat. On average, six per cent of total IT spend is now directed towards improving security.
The list of technologies "to be deployed within the next 18 months", is topped by those that offer stronger authentication, with 45% of banks planning to introduce public key infrastructure, 42% smart cards, and 19% biometrics.
Deloitte & Touche estimates that by the end of 2004, 78% of the financial institutions in the survey will have rolled out PKI, 70% will have incorporated smart cards, and 29% will have deployed biometrics in some form.
Respondents indicated that they have come to grips with some of the organisational issues involved in information security. Over 61% of the financial institutions that participated in the survey have a chief information security officer, and another 14% of respondents report having more than one.
Read the full report: Global Security Survey 2003