Deloitte: Firms lack confidence they can deter internal attacks

Share this article:

Human error is the leading cause for IT system breaches, and most corporate security officials do not feel confident they can protect their organizations from internal cyberattacks, according to Deloitte Touche Tohmatsu's annual survey.

In all, the survey, released Wednesday, found that the global recession is putting information at great risk for these companies.

“The economic situation has heightened the concern with a number of institutions, and the threats and the vulnerabilities and the risks have increased," Mark Steinhoff, principal in Deloitte's security and privacy services practice, told SCMagazineUS.com Thursday. "You have tighter budgets, and greater concerns over internal breaches."

Eight-six percent of survey respondents said human error is the leading cause of information systems failure. This finding indicates that normally trustworthy employees can act abnormally during the stressful times of a poor economy, according to Deloitte. More than a third (36 percent) of respondents expressed concern about insiders' misconduct, compared to only 13 percent who were concerned about external threats. Despite this, 58 percent of respondents said they do not feel confident they can prevent internal attacks. 

The survey included participants across 32 countries from the top 100 global financial institutions and banks, as well as the top 50 global insurance companies.

A majority of survey respondents said their information security budgets increased last year but are not keeping pace with security challenges, according to Deloitte. In fact, 56 percent of respondents said buget constraints were the main barriers to ensuring information security, while a lack of resources was identified by a third as the leading cause of failure of information security projects.

Interestingly, more than half the financial institutions surveyed restrict the use of social networks and instant messaging, citing the extra load on internal and external security. That concern also spread to use of USB keys, MP3 players and PDAs.

Share this article:

Sign up to our newsletters

More in News

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Rhode Island hospital to pay $150K for past data breach

More than 12,000 patients' personal and health information was compromised in a breach at The Women & Infants Hospital of Rhode Island.