The first results from Deloitte’s 2012 security survey of the global financial services sector, released in Sydney today, found that in the US a full half of all financial institutions had suffered a privacy-related breach, while in the UK more than two out of three organisations suffered that fate.
Internationally a quarter of all banks reported that they had suffered a security breach in the last 12 months, which Deloitte acknowledged was probably an under-reporting of the true figure.
Adel Melek, managing director of global enterprise risk services for Deloitte, who was in Australia to discuss the results, said that the survey had identified significant security issues facing the financial sector, but that it had also revealed much higher awareness of information security issues among senior financial sector executives. “Not too long ago the view was that information security was in something of a vacuum,” he said, adding that this was no longer the case.
He cited the results of a survey of politician and CEO delegates at the World Economic Forum meeting earlier this year, which identified cyber attacks as the fourth most concerning issue delegates felt they had to tackle, behind global financial worries but ahead of concerns about water supply.
While the Deloitte report notes that 32 per cent of financial institutions in Asia Pacific had endured a privacy-related breach, in Australia, at least, enterprises are not mandated to disclose such breaches.
Mr Melek said that there was a fine line to be drawn between too much and too little disclosure relating to breaches, but acknowledged that “if there is no clear legislation then there tends to be a lot of rationalisation,” which often led to organisations failing to disclose breaches.
“As a practitioner I am skeptical of the ability of private enterprises to self-monitor,” he added.
The Deloitte survey, which canvassed opinions from more than 250 financial services companies in 39 countries, including “most” of Australia’s four big banks, found that the three greatest technology-related risks perceived by the sector were financial fraud involving information systems; employee errors and omissions; and breaches of information.