Deloitte: Firms lack confidence they can deter internal attacks

Human error is the leading cause for IT system breaches, and most corporate security officials do not feel confident they can protect their organizations from internal cyberattacks, according to Deloitte Touche Tohmatsu's annual survey.

“The economic situation has heightened the concern with a number of institutions, and the threats and the vulnerabilities and the risks have increased," Mark Steinhoff, principal in Deloitte's security and privacy services practice, told SCMagazineUS.com Thursday. "You have tighter budgets, and greater concerns over internal breaches."

Eight-six percent of survey respondents said human error is the leading cause of information systems failure. This finding indicates that normally trustworthy employees can act abnormally during the stressful times of a poor economy, according to Deloitte. More than a third (36 percent) of respondents expressed concern about insiders' misconduct, compared to only 13 percent who were concerned about external threats. Despite this, 58 percent of respondents said they do not feel confident they can prevent internal attacks. 

The survey included participants across 32 countries from the top 100 global financial institutions and banks, as well as the top 50 global insurance companies.

A majority of survey respondents said their information security budgets increased last year but are not keeping pace with security challenges, according to Deloitte. In fact, 56 percent of respondents said buget constraints were the main barriers to ensuring information security, while a lack of resources was identified by a third as the leading cause of failure of information security projects.

Interestingly, more than half the financial institutions surveyed restrict the use of social networks and instant messaging, citing the extra load on internal and external security. That concern also spread to use of USB keys, MP3 players and PDAs.