Banks appoint IT security chiefs

The majority of the world's leading financial services companies are appointing chief security officers as pressure from cyber...

The majority of the world's leading financial services companies are appointing chief security officers as pressure from cyber attacks continues to intensify.

Two thirds of the top 500 financial firms have appointed or plan to appoint a chief security officer with equal or higher status than their chief information officer, research by Deloitte and Touche Tohmatsu revealed.

About 9% of CSOs report directly to the board, 32% report to the chief information officer, and 4% report to the chief executive, according to the survey of more than 150 of the worlds largest financial companies.

The trend, which lets companies view information security as part of their risk management strategy, rather than an IT expense, comes amid concern over the rising tide of cyber attacks.

Nearly 40% of the firms questioned said their systems had been compromised during the past year by attacks from either inside or outside their networks.

Despite the economic downturn, most financial companies have increased their security budgets or at least kept them at the same level.

About 50% of companies have increased their IT security staff, 3o% have left levels unchanged, and only 20% have made cuts in the past 12 months.

Although companies are confident that their systems are secure from external attacks, nearly 20% said they were not confident that their systems were well protected against internal hackers.

Only 4% said they were ahead on their IT security plans, however, with 37% describing themselves as "catching up" and 8% admitting they are behind.

The survey raised concerns about the adequacy of security training, with only 45% of firms offering a training or awareness programme for their staff.

Although 88% of the firms said they have a comprehensive disaster recovery plan in place, only 43% said they are confident that their back-ups work and are being stored off-site in accordance with policy.

Most financial institutions are planning to roll out leading-edge security technologies in the next 18 months. About 80% plan to install new public key infrastructure technology, 70% are looking at smartcards, and 29% plan to deploy biometrics. Twenty five per cent have cyber risk insurance and 5% plan to buy cover.

Read more on Hackers and cybercrime prevention