Companies are busy ramping up their use of both social media and online platforms and systems. So, regulatory frameworks are continually evolving to ensure the financial services industry remains secure.
As a result, most organizations have become more proactive in implementing innovative security measures and creating greater awareness of threats within their businesses, says the 2012 Deloitte Global Financial Services Industry Security Study.
The challenge for most businesses is figuring out how to cover the cost of information security initiatives, while also trying to stay competitive and on top of new threats and emerging technologies.
The study looked at financial companies in more than 30 countries worldwide, including the leading banks and insurance institutions by revenue.
For most of these companies, the top three priorities for 2012 were staying on top of information security governance, maintaining effective identity and access management, and developing information security strategies.
Consistent with prior years, they cited a lack of sufficient budget (44%) and the increasing sophistication of threats (28%) as their primary barriers.
Also, the increased use of social media by employees has caused 37% of companies to revise organizational policies, while another 33% are educating users on social networking to address possible security risks.
And “many are planning to deploy mobile VPN, central device management, and mobile device management software to combat risks. But, more than 50% of institutions haven’t yet planned for deployment of anti-phishing software, employee and customer-facing applications, and data loss prevention for mobile devices,” says the study.
They’re also keeping tabs on cyber threats to their private data. After the serious data breaches experienced by Apple and LinkedIn, for instance, this past year, businesses are putting dedicated privacy resources in place. They’re focusing on protecting their sensitive information and formalizing the privacy function.
Banks in particular are aware of their vulnerability. They say, “Excessive access rights, security policies and standards that have not been operationalized, and a lack of sufficient segregation of duties are listed as the top three concerns by external auditors.”
Most lack the funds to develop new software and processes, but many have purchased cloud-computing services. Banks say the benefits of these services outweigh the security risks. Those risks relate to how easily data can potentially be accessed, how it’s separated and stored, and how and where it’s transferred.
The benefits of social media are likewise seen as outweighing the risks, with nearly 75% making use of various social platforms. But companies say they’ve developed security policies and technical controls to deal with data sharing.
“When it comes to adoption of mobile devices, banks say the top three security controls are enhancing the consumer acceptable use policy, integrating consumer device security into awareness campaigns and enforcing complex passwords,” the study finds.
Overall, “As banks adapt to increased financial regulatory pressure and adopt new technologies to stay competitive, they are also challenged with managing business expectations [and meeting their financial goals].”
Insurers are also facing the same obstacles, with many “bracing for the impact of more stringent consumer financial laws, as well as the risks associated with the newer technologies needed to meet the growing demand for virtual operations.”
The study finds company employees are demanding more virtual and mobile services. So, the majority (80%) support employee-owned or corporate-owned mobile devices despite the risks. In fact, more than half (57%) say they’re adequately equipped for protecting sensitive customer data.