Data security in financial services, IT security jobs in UK on the rise

A recent survey from Deloitte sees a rise in security spending on data security in financial services, as well as IT security posts in the UK.

The market hit its bottom point in the summer of last year. From last October it has started to warm up and is getting busier, especially in the retail banking sector.


 Mark Ampleford
DirectorBarclay Simpson Associates Ltd.

Financial institutions are investing in security again, and putting a special focus on identity and access management and data leakage prevention. As security budgets grow, banks are also helping to raise the number of IT security jobs in the UK once more.

These findings come from a recent survey carried out by management consultancy Deloitte and are published in its new 2010 Financial Services Security Study. The findings are based on interviews with 350 financial institutions around the world, representing 27% of the top 100 global financial companies.

Subtitled "The Faceless Threat," the report explains that increases in a combination of organised cybercrime and the number of regulations are demanding that data security in financial services become a priority.

"Following the banking crisis, we have seen a great deal of regulatory attention and change in the UK financial services sector," said Nick Seaver, a security partner at Deloitte. "Many of these changes will necessitate significant transformations in systems and reporting, requiring major security considerations to be introduced."

The survey found that 70% of UK financial institutions have increased their security budgets during the last 12 months, compared with 56% globally. Identity and access management tools are a key focus for financial institutions, with 44% globally and 35% in the UK seeing this as a priority. In the US, the figure was 67%. UK respondents (80%) were most likely to implement full encryption for mobile devices, compared to a 42% global average.

Seaver said the high interest in identity and access management (IAM) in the US had been generated by a need to comply with the Sarbanes-Oxley regulations. He added that IAM technology has improved in the last five years and is now much easier to deploy. Similarly, data leakage prevention (DLP) technology is increasingly being implemented to prevent data losses that could prove embarrassing.

"The banks haven't had a good time for the last two years. The last thing they want is to be on the front page of a daily national newspaper having lost customer data," said Seaver. "They are more risk averse. And they have increasing recognition that people are emailing spreadsheets and using USB sticks [with confidential information], and some DLP technologies go a long way to solving that problem."

The pick-up in budgets is also good news for security professionals. During the credit crunch of the last two years, most financial institutions imposed a recruitment freeze, but the situation is changing fast.

"The market hit its bottom point in the summer of last year," said Mark Ampleford, a director of recruitment firm Barclay Simpson Associates Ltd. "From last October it has started to warm up and is getting busier, especially in the retail banking sector."

He said many projects at banks had been put on hold, and that companies are now playing catch-up. "We are also seeing some major new initiatives and some new departments, particularly in areas such as third-party assurance," Ampleford said.

As the Deloitte report revealed, only 15% of UK respondents were 'very' or 'extremely' confident in their third parties' security practices, and so security of data processed by third parties is seen as a priority. Ampleford said that people with a computer auditing background were being sought for that kind of role.

Other skills in demand, he said, included monitoring intrusion protection systems and knowledge of the Vontu DLP system, now owned by Symantec Corp.

Read more on Privacy and data protection