New York–A new study says human error, and a failure to address security on an enterprise-wide basis, are undermining efforts by top financial institutions to safeguard data.

Deloitte Touche Tohmatsu’s 2007 Global Security Survey asked senior information technology executives from 169 major global institutions about the current trends in security and privacy. The survey focused on governance, investment in security, risk, use of security technologies and privacy issues.

The survey revealed that the greatest root cause of external breaches continues to be the ‘human factor’: an organization’s employees, customers, third parties and business partners.  It also found that only 63% of the top 100 global financial services organizations have an information security strategy. Perhaps more troubling, the study found that only 10% have their information security led by business line leaders.

New York-based Deloitte says its findings illustrate the gap between awareness of the problem and support for the solution and that a key challenge lies in the development and integration of a security strategy across the business.

“Due to the increased number of high-profile losses or theft of customer data, data protection has been the subject of intense attention over the past 18 months,” said Mark Steinhoff, a principal with Deloitte & Touche LLP and leader of the firm’s financial services industry’s security & privacy services practice. “We continue to stress that this is not only a security or technology issue, but requires the integration of security governance, compliance and solutions across the enterprise.”

When it comes to security breaches, the activities of the financial institution’s own customers are one of the most worrisome elements, according to the Deloitte survey, finding that the top three breaches were viruses and worms, e-mail attacks and phishing/pharming.

Although these types of breaches directly affect financial institutions, they are still reluctant to take responsibility for the security of their customers’ computers, most likely because of the enormity of such an undertaking. When asked whether they should be held accountable for protecting the computers of their customers who do online business with them, 66% of respondents replied that they should not.

In addition to breaches perpetrated through the customer channel, the survey reveals that a high number of repeated occurrences are attributable to employees–both through misconduct (intentional action), and errors and omissions (unintentional action). An overwhelming majority of respondents (91%) are concerned about employees, and cite the human factor as the root cause for information security failures (79%).

Source: Deloitte & Touche LLP

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access