The majority of the world's leading financial services
companies are appointing chief security officers as pressure from
cyber attacks continues to intensify.
Two thirds of the top 500 financial firms have appointed or plan to
appoint a chief security officer with equal or higher status than
their chief information officer, research by Deloitte and Touche
Tohmatsu revealed.
About 9% of CSOs report directly to the board, 32% report to the
chief information officer, and 4% report to the chief executive,
according to the survey of more than 150 of the worlds largest
financial companies.
The trend, which lets companies view information security as part
of their risk management strategy, rather than an IT expense, comes
amid concern over the rising tide of cyber attacks.
Nearly 40% of the firms questioned said their systems had been
compromised during the past year by attacks from either inside or
outside their networks.
Despite the economic downturn, most financial companies have
increased their security budgets or at least kept them at the same
level.
About 50% of companies have increased their IT security staff, 3o%
have left levels unchanged, and only 20% have made cuts in the past
12 months.
Although companies are confident that their systems are secure from
external attacks, nearly 20% said they were not confident that
their systems were well protected against internal hackers.
Only 4% said they were ahead on their IT security plans, however,
with 37% describing themselves as "catching up" and 8% admitting
they are behind.
The survey raised concerns about the adequacy of security training,
with only 45% of firms offering a training or awareness programme
for their staff.
Although 88% of the firms said they have a comprehensive disaster
recovery plan in place, only 43% said they are confident that their
back-ups work and are being stored off-site in accordance with
policy.
Most financial institutions are planning to roll out leading-edge
security technologies in the next 18 months. About 80% plan to
install new public key infrastructure technology, 70% are looking
at smartcards, and 29% plan to deploy biometrics. Twenty five per
cent have cyber risk insurance and 5% plan to buy cover.