Banks concerned over staff breaches

Written by Adrie van der Luijt
Wednesday, 19 September 2007

Financial institutions continue to face significant challenges addressing security breaches, according to a new survey of financial services companies by Deloitte.

The business advisory firm's 2007 Global Financial Services Security Survey found that the security problems plaguing banks most are viruses and worms, email attacks such as spam, and attacks focused directly on the customer. Customers continue to be a target of choice and a source of security concerns, as poor awareness leaves them without the right protection in place and allows their PCs to be compromised. Customers are seen as a direct route to financial gain, with banks facing a continued battle against the growing sophistication of attacks via identity theft.

In addition to breaches perpetrated through the customer channel, Deloitte’s research reveals that a high number of breaches can be attributed to employees, both through misconduct (intentional action) and through errors and omissions (unintentional action). The overwhelming majority of financial services organisations (91 per cent) are concerned about the risks arising internally. Although errors and omissions by employees are identified as a major factor contributing to ongoing security failures, almost a quarter (22 per cent) of respondents provided no employee security training over the past year and only one-third of respondents (30 per cent) say their staff is well skilled with adequate competencies to respond to security needs.

Mike Maddison, UK Head of Security & Privacy Services, commented: "You can have the best technical systems in place but they are unlikely to operate effectively unless you educate people on their obligations and how to fulfil them."

Surprisingly, when compliance and legislation are such drivers, fewer than two thirds (63 per cent) of the banks responding to Deloitte’s global security survey have an information security strategy in place, and only one in ten of this year’s respondents have their information security led by business line leaders.

These findings highlight an emerging security paradox: the gap between awareness of the problem and support for the solution. Security incidents continue to grab business executives’ attention but "ownership" of the underlying problems is still perceived to rest with IT departments.

Maddison added: "The contradictory findings in this year’s survey highlight the ongoing security challenge financial institutions are facing. On the one hand, it is clear that senior executives know there are actions they must take to improve security to protect their customers’ data for very good business reasons. On the other hand, when it comes to taking action it once again becomes a technical problem. Despite these challenges, knowing that the problem exists is at least half the battle, so financial institutions are definitely moving in the right direction."

Security training and awareness, along with access and identity management of employees, clients and suppliers, and data protection are among organisations’ top initiatives this year. Virtually all the organisations surveyed (98 per cent) indicate increased security budgets, but 35 per cent feel that investment in information security is lagging behind business needs. The banks identify "shifting priorities" (48 per cent) and "integration problems" (32 per cent) as the top reasons for information security project failures.