Banks Balance Security and Customer Convenience
Deloitte & Touche LLP has released the results of its 2004 Global Security Survey of the financial services industry, revealing that the number of outside infiltrations of banking systems has more than doubled over a one-year period. Although banks believe they have policies and procedures in place to manage those threats, they will increasingly be squeezed to maintain an open, accessible relationship with customers, while preserving necessary security.
Deloitte surveyed 64 of the world's largest banks, financial institutions, and insurers, 81 percent of which have annual revenues in excess of $1 billion. A total of 83 percent admitted a security compromise, 40 percent of which resulted in measurable financial damage. Firms in the EMEA region--about half the respondent pool--were given the highest marks for their overall security readiness. U.S. institutions outspent their global peers, but lagged in clear documentation and delineation of security tasks, and showed a net loss in security positions over a one-year period.
"There's progress being made towards managing this issue, and an acknowledgement that it's not going away any time soon," says Ted DeZabala, national managing partner of Deloitte's security services group.
Although spending and oversight is up across the board, DeZabala believes banks are equipped to manage the problem in a transparent fashion. "You're going to see a lot more attention paid to the mechanisms that banks use to connect to everybody, but it doesn't necessarily mean [security] will be visible to the average customer," he says. "I think the banks will do their best not to make it an intrusive experience."
Out of 16 different areas of security controls, respondents indicated that they were adopting or piloting all but three at a lower rate than in 2003. Notably down were such next-generation technologies as smart cards and biometrics. DeZabala says that banks are choosing to focus more of their security efforts on identity management, rather than scattering resources across multiple systems. "Both access management, as well as provisioning systems, continue to be a big push, and I think will be something financial institutions will be implementing over the next couple of years," he says.
Ultimately, security may become a differentiating factor in the crowded financial services industry. More than 40 percent of respondents indicated that security is primarily a risk management activity, but roughly one quarter felt its most important purpose was to avert embarrassment for the company. "Security drives trust," DeZabala says. "It makes responding [to security incidents] more of a reputational issue."