Hack attacks are becoming increasingly sophisticated, with over a third of banks and financial services companies reporting a security breach in the last year, according to a new survey.
Of the 39 percent who admitted their systems had been compromised, 16 percent were due to external attacks, 10 percent internal breaches and 13 percent both, according to the 2003 Global Security Survey of worldwide financial services institutions by consultant Deloitte Touche Tohmatsu (DTT).
Although this is the first year of the survey, Simon Owen, partner responsible for risk in financial services at DTT, said based on experience the figures represent an increase and explode the myth that the biggest threat to a company comes from employees.
"It is not just an internal informed activity," he said. "We are seeing more sophisticated attacks and a high level of intelligent attacks with a combination of attacks and the ability to source lots of information beforehand."
Europe leads the way in implementing security policy and standards, as well as leading-edge technologies such as public key infrastructure (PKI) and biometrics. But Owen said it was "worrying" the region also had the lowest level of business continuity and disaster recovery planning.
The US has the highest level of maturity and adoption of disaster recovery planning, following the 11 September terrorist attacks.
IT security is still seen as a necessary cost of doing business by many companies and budgets continue to rise to 6 to 8 percent of overall IT spend.
And despite the severe economic downturn almost half increased security staff in the last year and two-thirds plan to appoint a chief security officer or chief information security officer in the next two years.
The financial viability of many security vendors and complex integration issues with many products continue to cause IT directors headaches but the main security technologies being looked at by banks over the next 18 months include PKI, smart cards and biometrics.
DTT interviewed 175 senior IT executives to compile the survey.