Almost three-quarters of UK financial services firms have increased their security budgets in the past year, with identity and access management and data loss prevention strategies receiving most funds.
An increasing number of security threats, alongside more regulation, is driving increased investment, according to Deloitte's 2010 Financial Services Global Security Study.
It found that a higher proportion of UK firms are increasing security spending than their global equivalents, with 70% increasing security budgets compared with 56% of firms globally. It also revealed that finance businesses are more concerned about internal than external threats.
The survey gathered the opinions of senior information technology executives at more than 350 global financial institutions.
"Financial institutions are facing a battle on two fronts in their efforts to protect consumers' financial assets and data. The threat landscape has evolved; on one side they are tackling the growing sophistication of targeted attacks by criminal gangs and on the other recognising the increasingly expensive secure perimeter is no protection from internal threats," said Mike Maddison, head of Deloitte's security practice.
He said that, given the turmoil in the sector over the last 18 months, the fact that these companies are still investing in security is positive.
Deloitte recently acquired security specialist IM Global to address the identity management concerns of clients. IM Global will be integrated into Deloitte's information and technology risk security team, which helps clients with the processes, technologies, and policies used to manage digital identities.
- 75% of UK financial services firms provide training to employees to identify and report suspicious activities, which is higher than the global average of 64%.
- Only 15% of UK respondents were very or extremely confident in their third parties' security practices, compared with 90% in Japan and 36% globally.
- 44% of firms globally and 35% in the UK see identity and access management tools as a priority, although this is significantly behind the US industry's 67%.
- 80% of UK respondents were most likely to fully implement encryption for mobile devices, compared with a 42% global average.
- 55% of UK companies have a programme for managing privacy compared with 70% in the US.
- Only 20% of respondents are very confident in their ability to thwart internal breaches compared with 50% when asked about their ability to thwart external breaches.
- 75% of respondents either have, or plan to have, a security strategy within the next 12 months. But security functions do not get input or involvement from the lines of business when the strategy is being developed, which means that it tends to be driven by the security function rather than by business goals.