|Percentage of firms which sustained security attacks other than a virus: 81%
Percentage of those attacked whohad suffered financial losses as a result: 16% -- Source Computer Associates client base
Forty percent of the Australasian finance sector could have been hit by 20 or more virus attacks this year, if a new survey is any indication.
But the good news is that banking and finance companies allocated the highest proportion of the IT budget to security, according to a quarterly survey by Computer Associates. Almost 40% of companies allocate between 15% and 25% of their IT budget, says CA. Some 60% from this sector also said they would be increasing their security budget this year, well above the business average of 47%.
The survey of New Zealand and Australian clients of CA, which includes security software in its product range, also found that 80% of finance firms had policies in place to cover mobile computing devices such as laptops. The average was 58% across all industries, with CA’s IT&T clients averaging a dismal 50%.
CA says financial services, healthcare and government have done well in implementing comprehensive security management procedures, but many businesses from other sectors had not. Computerworld last week heard of one retail outlet out of full commission for several months due to a virus attack. Of the companies that experienced more than 10 virus attacks, only half had boards aware of the IT security policy and the implications of attacks, says CA. The company didn’t supply survey numbers.
And the banks sometimes try to have it both ways. ANZ’s website still says in its internet banking terms and conditions that the user “may be liable for any direct losses suffered or incurred by you or the bank (on a full indemnity basis) to the extent that any such losses are a consequence of unauthorised access ... caused by a fault, interference, interception or virus perpetrated directly through your computer equipment, as a direct result of you failing to take reasonable and appropriate anti-virus and other security measures”.