Deloitte 2010 security survey: Financial institutions making identity and access management tools their #1 priority
Security practices of financial institutions evolve as organizations, recognizing the need for a proactive stance
New York, 8 June 2010 — With a number of recent high-profile code thefts driving headlines across the globe, senior security executives at some of the world’s largest financial institutions say they are making it a priority to invest in identity and access management tools, according to a Deloitte survey released today.
According to Deloitte’s 2010 annual security survey for global financial institutions, entitled “The Faceless Threat,” identity and access management was identified by survey respondents as the industry’s top security initiative for 2010. Among 19 different types of initiatives, 44 percent listed this as their top initiative; it is also a significantly higher priority for larger organizations with more than 10,000 employees (63 percent).
“Institutions are far less confident that traditional controls will protect them, and with good reason,” says Adel Melek, DTT Enterprise Risk Services, Global Financial Services Industry Leader. “In the early days of information security, access control performed the function of a gatekeeper, essentially keeping the bad guys out. But it has now evolved far beyond that, especially in terms of more sophisticated levels of access, better access control reporting, and the ability to track what events took place, when, and by whom. Today, many organizations realize that simply entering a user ID and password is no longer adequate, especially for customers and business partners.”
Security budgets also appear to be reversing the current trend of cost-cutting. More than half of the survey’s respondents (56 percent) indicate that their information security budget has increased. Additionally, there is a significant drop, as compared to last year, in the number of respondents who state that “lack of sufficient budget” is one of the major barriers that their organization faces.
The report says that this may well be due to an increasing “realization that, as the information security environment gets more dangerous, so investment in data protection must get more serious.”
“Organizations are starting to recognize the importance of the information security function to business,” says Melek. “The increasing sophistication of faceless threats, the change in the threat agents and players, and the decreasing level of competence required to pose a threat due to the availability of fraud tools on the Internet are all factors that have caused financial services organizations to evolve their security practices in many areas. The security environment is undergoing a metamorphosis.”
Additional findings of the survey:
The report also offers breakdowns of results by geographies and select countries, as well as by the banking, investments and securities, insurance and payments and processors sectors.
Deloitte’s global financial services team surveyed senior information technology executives at more than 350 major financial institutions via face-to-face interviews and online questionnaires during early 2010.
*As used in this press release “Deloitte” means Deloitte Touche Tohmatsu, a Swiss Verein.
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than140 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte's approximately 169,000 professionals are committed to becoming the standard of excellence.