IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Security Attacks On IT Systems More Than Double, According to Respondents of Deloitte & Touche LLP's Global Financial Services Survey

Worms, Viruses Cited as Most Threatening Forms of Attack by Financial Services Companies

Published: 05/27/04

Deloitte Services LP Press Release

Contact: Chris Faile
Deloitte Services LP
212 436 5170

Contact: Daniel Mucisko
Deloitte Services LP
Senior Manager, Public Relations
212 492 4192

New York, May 27, 2004 - External security attacks on information technology systems at a sampling of the world's leading financial institutions more than doubled from a year ago, according to responses from a global survey of financial institutions by Deloitte & Touche LLP, one of the nation's leading professional services firms.

Deloitte's 2004 Global Security Survey revealed that 83 percent of survey respondents acknowledged their systems had been compromised in the past year, compared to 39 percent in 2003.  Moreover, 40 percent of respondents whose systems were attacked said they sustained financial losses.

The survey, which provides insight into the state of security in the financial services industry, consisted of interviews with senior security officers from 100 of the top global financial institutions. 

"Financial institutions are fighting an on-going battle to combat and mitigate ever-increasing security threats and attacks, and privacy violations, as well as comply with the increasingly stringent regulatory environment," said Ted DeZabala, a principal and national leader of Security Services for Deloitte & Touche LLP.

"These institutions are under increased pressure to deliver a secure environment while also providing greater consumer access.  There is a very fine balance between meeting such demands while maintaining the level of security needed to prevent and manage attacks," DeZabala added.

Despite the reported doubling of security attacks, more than a quarter of financial institutions said their security budgets remained flat, while nearly 10percent had their budgets slashed from the previous year. Respondents reported that they perceived their spending on security to be in line with other comparable organizations and in line with their own security plans.

The survey also showed declining use of security technologies. With more than 70 percent of respondents stating they believed viruses and worms to be the greatest threat to their systems within the next year, a total of 87 percent of respondents said they have fully deployed anti-virus measures.  This result is down from a response rate of 96 percent from last year's survey.

There is, however, encouraging news.  Financial institutions responding showed improved regulatory compliance efforts, with two-thirds indicating they now have a program for managing privacy, compared to 56 percent of respondents in 2003.  In addition, nearly seven of 10 felt that senior management is committed to security projects needed to address regulatory requirements.

"Security threats such as viruses, worms, malicious code, sabotage and identity theft are real and have already cost millions of dollars in lost revenues to institutions globally," said DeZabala.  "This is our second year conducting this survey, and we plan to continue doing this annually to help the financial services industry, as well as others that may benefit, better understand the increasing complex environment of security threats and possible counter measures available."

Additional Key Findings of the Survey:

  • Although more than half indicated that security is a key part of their solution, 10percent reported that their general management perceived security as a business enabler.
  • The majority of respondents indicated they have a comprehensive IT disaster recovery plan in place, but only half included personnel within their business continuity plans.
  • One-third of respondents stated they believe that security technologies acquired by their organizations are not being utilized effectively.
  • Only one quarter of respondents felt that their strategic and security technology initiatives were well aligned.
  • Identity management and vulnerability management were the two most common technologies that financial services are piloting or intend to deploy over the coming 18 months, according to the survey.

Survey methodology

The survey, conducted in face-to-face interviews by Deloitte's Global Financial Services Industry practice, focused on senior information technology executives (Chief Information Officer, Chief Security Officer, Security Management Team, etc.) from 100 of the top global financial services organizations.*  The questions, developed by the firm's Security Services Group, related to governance, investment, value, risk, responsiveness, use of security technologies, quality of operations, and privacy.  The respondents represented public and private companies from all continents reaching the four corners of the globe including: Canada, the United States, Europe/Middle East/Africa, Asia/Pacific and Latin America.

*The 100 organizations surveyed were comprised of: 31 of the top 100 Global Financial Services Institutions, ranked by 2002 financial assets; 23 of the top 100 Global Banks, ranked by Tier-1 Capital 2002; and 10 of the top 50 Global Insurers, ranked by 2002 financial assets

About Deloitte

Deloitte, one of the nation's leading professional services firms, provides audit, tax, consulting, and financial advisory services through nearly 30,000 people in more than 80 U.S. cities.  Known as an employer of choice for innovative human resources programs, the firm is dedicated to helping its clients and its people excel.  "Deloitte" refers to the associated partnerships of Deloitte & Touche USA LLP (Deloitte & Touche LLP and Deloitte Consulting LLP) and subsidiaries.  Deloitte is the U.S. member firm of Deloitte Touche Tohmatsu.  For more information, please visit Deloitte's Web site at www.deloitte.com/us.

Deloitte Touche Tohmatsu is an organization of member firms devoted to excellence in providing professional services and advice.  We are focused on client service through a global strategy executed locally in nearly 150 countries.  With access to the deep intellectual capital of 120,000 people worldwide, our member firms, including their affiliates, deliver services in four professional areas: audit, tax, consulting, and financial advisory services.  Our member firms serve more than one-half of the world's largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies.

Deloitte Touche Tohmatsu is a Swiss Verein (association), and, as such, neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's acts or omissions.  Each of the member firms is a separate and independent legal entity operating under the names "Deloitte," "Deloitte & Touche," "Deloitte Touche Tohmatsu," or other, related names.  The services described herein are provided by the member firms and not by the Deloitte Touche Tohmatsu Verein.  For regulatory and other reasons, certain member firms do not provide services in all four professional areas listed above.

Survey Link
2004 Global Security Survey (487 KB)