Attacks On IT Systems More Than Double, According to
Respondents of Deloitte & Touche LLP's Global
Financial Services Survey
Worms, Viruses Cited as Most Threatening Forms of Attack
by Financial Services Companies
Deloitte Services LP Press Release
Deloitte Services LP
212 436 5170
Contact: Daniel Mucisko
Deloitte Services LP
Senior Manager, Public Relations
212 492 4192
May 27, 2004 - External security attacks on
information technology systems at a sampling of the world's
leading financial institutions more than doubled from a
year ago, according to responses from a global survey of
financial institutions by Deloitte & Touche LLP, one of
the nation's leading professional services firms.
Deloitte's 2004 Global Security Survey revealed that 83
percent of survey respondents acknowledged their systems
had been compromised in the past year, compared to 39 percent
in 2003. Moreover, 40 percent of respondents whose systems
were attacked said they sustained financial losses.
survey, which provides insight into the state of security
the financial services industry, consisted of interviews
with senior security officers from 100 of the top global
"Financial institutions are fighting an on-going battle
to combat and mitigate ever-increasing security threats
and attacks, and privacy violations, as well as comply
with the increasingly stringent regulatory environment," said
Ted DeZabala, a principal and national leader of Security
Services for Deloitte & Touche LLP.
"These institutions are under increased pressure to deliver
a secure environment while also providing greater consumer
access. There is a very fine balance between meeting such
demands while maintaining the level of security needed
to prevent and manage attacks," DeZabala added.
Despite the reported doubling of security attacks, more
than a quarter of financial institutions said their security
budgets remained flat, while nearly 10percent had their
budgets slashed from the previous year. Respondents reported
that they perceived their spending on security to be in
line with other comparable organizations and in line with
their own security plans.
survey also showed declining use of security technologies.
than 70 percent of respondents stating they believed
viruses and worms to be the greatest threat to their systems
within the next year, a total of 87 percent of respondents
said they have fully deployed anti-virus measures. This
result is down from a response rate of 96 percent from
last year's survey.
is, however, encouraging news. Financial institutions
responding showed improved regulatory compliance efforts,
with two-thirds indicating they now have a program for
managing privacy, compared to 56 percent of respondents
in 2003. In addition, nearly seven of 10 felt that senior
management is committed to security projects needed to
address regulatory requirements.
"Security threats such as viruses, worms, malicious code,
sabotage and identity theft are real and have already cost
millions of dollars in lost revenues to institutions globally," said
DeZabala. "This is our second year conducting this survey,
and we plan to continue doing this annually to help the
financial services industry, as well as others that may
benefit, better understand the increasing complex environment
of security threats and possible counter measures available."
Additional Key Findings of the Survey:
Although more than half indicated that security
is a key part of their solution, 10percent reported
that their general management perceived security as
a business enabler.
The majority of respondents indicated they have
a comprehensive IT disaster recovery plan in place,
but only half included personnel within their business
One-third of respondents stated they believe that
security technologies acquired by their organizations
are not being utilized effectively.
Only one quarter of respondents felt that their
strategic and security technology initiatives were
Identity management and vulnerability management
were the two most common technologies that financial
services are piloting or intend to deploy over the
coming 18 months, according to the survey.
survey, conducted in face-to-face interviews by Deloitte's
Financial Services Industry practice, focused on
senior information technology executives (Chief Information
Officer, Chief Security Officer, Security Management Team,
etc.) from 100 of the top global financial services organizations.* The
questions, developed by the firm's Security Services Group,
related to governance, investment, value, risk, responsiveness,
use of security technologies, quality of operations, and
privacy. The respondents represented public and private
companies from all continents reaching the four corners
of the globe including: Canada, the United States, Europe/Middle
East/Africa, Asia/Pacific and Latin America.
*The 100 organizations surveyed were comprised of: 31
of the top 100 Global Financial Services Institutions,
ranked by 2002 financial assets; 23 of the top 100 Global
Banks, ranked by Tier-1 Capital 2002; and 10 of the top
50 Global Insurers, ranked by 2002 financial assets
one of the nation's leading professional services firms,
provides audit, tax, consulting, and financial advisory
services through nearly 30,000 people in more than 80 U.S.
cities. Known as an employer of choice for innovative
human resources programs, the firm is dedicated to helping
its clients and its people excel. "Deloitte" refers to
the associated partnerships of Deloitte & Touche USA LLP
(Deloitte & Touche LLP and Deloitte Consulting LLP) and
subsidiaries. Deloitte is the U.S. member firm of Deloitte
Touche Tohmatsu. For more information, please visit Deloitte's
Web site at www.deloitte.com/us.
Touche Tohmatsu is an organization of member firms devoted
excellence in providing professional services
and advice. We are focused on client service through a
global strategy executed locally in nearly 150 countries. With
access to the deep intellectual capital of 120,000 people
worldwide, our member firms, including their affiliates,
deliver services in four professional areas: audit, tax,
consulting, and financial advisory services. Our member
firms serve more than one-half of the world's largest companies,
as well as large national enterprises, public institutions,
locally important clients, and successful, fast-growing
global growth companies.
Touche Tohmatsu is a Swiss Verein (association), and,
neither Deloitte Touche Tohmatsu nor any
of its member firms has any liability for each other's
acts or omissions. Each of the member firms is a separate
and independent legal entity operating under the names "Deloitte," "Deloitte & Touche," "Deloitte
Touche Tohmatsu," or other, related names. The services
described herein are provided by the member firms and not
by the Deloitte Touche Tohmatsu Verein. For regulatory
and other reasons, certain member firms do not provide
services in all four professional areas listed above.