Cyberattacks on financial firms double

Cyberattacks on large financial institutions have more than doubled from last year, according to a survey released by Deloitte & Touche.

The consulting firm said 83% of senior security officers at the world's leading financial institutions said their systems had been compromised in the past year, compared with 39% in 2003. 

Forty-three per cent of the respondents whose systems were attacked said they had lost money as a result. 

"What it says is that the attention of the big financial institutions is on this issue at much higher levels of the organisation," said Ted DeZabala, national leader of security services at Deloitte. "They are now cognisant of the magnitude of the problem, and they are taking much more action to address the issue." 

However, he noted the problem is growing faster than companies can respond. 

"It's harder to keep up, and yet there's much more attention paid to the issue than ever before."

Since the 11 September terrorist attacks, financial institutions have been under a lot more regulatory pressure to secure their IT systems, he said, adding that, people are much more attuned to risk management issues now, with security being one of them.

Despite the increase in cyberattacks, more than 25% of respondents said their security budgets remained flat this year, while almost 10% said their budgets were cut from the previous year. 

"Spending on security technologies is telling us that it's not so much that people are reducing the deployment of technology but that they're focusing on deployment as opposed to purchasing," DeZabala said.

"Companies have learned that the total cost of ownership for a security solution is more than the cost of the software. In the past, companies had done a lot of purchasing and not a lot of deployment. But now people are focusing on deploying what they have or what they're buying, so that explains some of the reduction." 

Seventy per cent of respondents believed worms and viruses are the biggest threats to their systems, and 87% of them said they have deployed anti-virus measures.

DeZabala said the management of third-party access to corporate networks is something that needs more attention. 

"Although a lot of attention is being paid to it, the problem is bigger than it ever was because there are many more third parties that are connecting to an institution - particularly the global institutions." 

"I think of security as medicine - there is always going to be a new disease, something new to manage and to deal with and find solutions to," he said. "But overall the population is getting healthier."

Linda Rosencrance writes for Computerworld