The fourth annual poll, released today by Deloitte Touche Tohmatsu, found that 78 percent of the world’s top 100 financial services organizations that responded to the survey confirmed a security breach from outside the organization, up from just 26 percent in 2005. The survey also found that nearly half of the organizations experienced at least one internal breach, up from 35 percent in 2005.
Phishing and pharming were responsible for 51 percent of the external attacks, while spyware and malware accounted for 48 percent. Meanwhile, insider fraud was responsible for 28 percent of the internal breaches and customer data leaks were to blame for 18 percent.
"The extent and nature of these security breaches signal a new reality for the global financial services industry," said Ted DeZabala, principal in Deloitte’s security services group. "Executing these types of attacks requires significant resources and coordination… Organizations not only face more sophisticated and hard-to-track attacks but are also challenged by increased risk and potential loss."
The survey did reveal some good news: Almost 88 percent of organizations said they have implemented a business continuity plan, and 49 percent ranked disaster recovery as a top-five security initiative.
Ninety-five percent of enterprises said their information security budgets have increased in the past year.
"Deloitte’s survey shows that financial institutions are attentive to the fast-paced and ever-changing security environment," DeZabala said. "They are shifting priorities and starting to take necessary measures to mitigate emerging security risks and challenges."
Security awareness training, however, fell off the list of top five security priorities, the survey showed. Just over one-third of organizations offered employees security training over the past year despite 96 percent of companies admitting they were concerned about employee misconduct.