Simon Hunt
Deloitte Touche Tohmatsu's recently released security survey revealed that 37 percent of the top 100 global financial services organizations don't have a security strategy, and only 10 percent see security as important enough to involve top-line leaders.  
More alarming is that the findings show the greatest root cause of external breaches continues to be the “human factor.”

Why does this remain a problem? And why is it that 66 percent of the respondents questioned felt they should not be responsible for the security of their customers, when their employees potentially are the security risk?

Recent high-profile breaches have rattled market awareness and accelerated the adoption of encryption technology. While these breaches help shed light, we should hardly single out breach victims like TJX Corp. and Gap, Inc.

The Deloitte survey reveals that a high number of repeated occurrences are attributable to intentional employee misconduct and unintentional human error and omission.

The information security industry today needs to recognize the need for integrated, cohesive security strategies that satisfy technology, governance and compliance mandates. Security strategy and policy remain an executive- and board-level imperative.

Even simple pre-emptive measures, such as educating employees about the importance of not sharing passwords, or ensuring USB sticks and laptops are kept in secure locations, will prove beneficial in the long run.

Until then, let's stop pointing fingers and instead start a constructive dialogue on encryption, security policy and sound security strategy driven from the top down.