Cyberattacks on large financial institutions more than doubled from a year ago, according to a survey released last week by Deloitte & Touche LLP.
The New York-based consulting firm said 83 percent of senior security officers at the world's leading financial institutions said their systems had been compromised in the past year, compared with 39 percent in 2003. And 43 percent of the respondents whose systems were attacked said they lost money because of the attacks.
"What it says is that the attention of the big financial institutions is on this issue at much higher levels of the organization," said Ted DeZabala, national leader of security services at Deloitte. "They are now cognizant of the magnitude of the problem, and they are taking much more action to address the issue."
However, he said the problem is growing faster than companies can respond.
"It's harder to keep up, and yet there's much more attention paid to the issue than ever before," DeZabala said. "But there's still a long way to go, and if they don't accelerate their attention to this issue and implement solutions, it's going to continue to get away from them."
DeZabala said that since the 9/11 terrorist attacks, financial institutions have been under a lot more regulatory pressure to secure their IT systems. "People are much more attuned to risk management issues now, with security being one of them," he said.
Despite the increase in cyberattacks, more than 25 percent of respondents said their security budgets remained flat this year, while almost 10 percent said their budgets were cut from the previous year.
"Spending on security technologies is telling us that it's not so much that people are reducing the deployment of technology but that they're focusing on deployment as opposed to purchasing," DeZabala said. "Companies have learned that the total cost of ownership for a security solution is more than the cost of the software. In the past, companies had done a lot of purchasing and not a lot of deployment. But now people are focusing on deploying what they have or what they're buying, so that explains some of the reduction."
According to the survey, 70 percent of respondents believe worms and viruses are the biggest threats to their systems, and 87 percent of them said they have deployed antivirus measures. "Issues around worms and things (are) getting a lot more attention," DeZabala said.
He also said the management of third-party access to corporate networks is something that needs more attention.
"Although a lot of attention is being paid to it, the problem is bigger than it ever was because there are many more third parties that are connecting to an institution -- particularly the global institutions," he said.
"I think of security as medicine -- there is always going to be a new disease, something new to manage and to deal with and find solutions to," he said. "But overall the population is getting healthier."