Information security a key priority for financial institutions

Financial institutions are facing a serious battle in their efforts to protect consumers’ financial assets and data, a Midlands technology risk expert has warned.

David George, associate partner at business advisory firm Deloitte, said growing sophistication of targeted attacks by criminal gangs and the threat of internal breaches of security were the two main areas of concern for financial organisations.

According to Deloitte’s 2010 Financial Services Global Security Study only 20 per cent of respondents were “very confident” in their ability to thwart internal breaches of security, compared to 50 per cent when asked about their ability to thwart external breaches.

As a result, 70 per cent of UK financial institutions have increased their information security budgets over the past 12 months compared with 56 per cent globally.

Mr George, who leads Deloitte’s technology risk practice in the Midlands, said: “It is vital that companies are vigilant in protecting their data assets, placing appropriate emphasis on monitoring internally as much as spending ever more at the perimeter. This includes recognising that implementing checks and measures to reduce the potential impact of human error is key.

“Over the past 18 months, it is positive that financial institutions recognise the ongoing need to protect their information assets, which is evidenced by the fact that organisations continue to invest in this area and budgets have not been cut.”

The Deloitte study found that the security practices of global financial institutions are focusing primarily on identity and access management tools (IAM) and data loss prevention.

Changing regulation has also prompted companies to reassess their information security, according to Mr George.

He said: “Following the banking crisis, we have seen a great deal of regulatory attention and change in the UK financial services sector. Many of these changes will necessitate significant transformations in systems and reporting, requiring major security considerations to be introduced.

“However, only 40 per cent of UK financial institutions believe that information security and business initiatives are sufficiently aligned. It is increasingly important that security strategies are also sufficiently flexible to respond to rapid changes in business objectives and regulations.

“The increased focus by the UK’s Information Commissioner’s Office (ICO), which now has the power to fine organisations up to £500,000, shows the continuing concern about the protection of personal data.”

The Deloitte survey showed this was another key concern for 35 per cent of financial institutions in the UK, compared to 39 per cent globally. The ICO cites human error as a major factor in breaches and continues to highlight the importance of staff training.

The survey found an increased focus on training and awareness, with 75 per cent of UK financial services firms providing training to employees to identify and report suspicious activities, which is higher than the global average of 64 per cent.

Security of data processed by third parties’ is still seen as a priority. However, only 15 per cent of UK respondents were very or extremely confident in their third parties’ security practices, compared to 90 per cent in Japan and 36 per cent globally.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: