Monday, November 03, 2003

Information Security: Room for Improvement

Bank Systems & Technology > Information Security: Room for Improvement: "

Ivan Schneider
November 3, 2003

A recent Ernst & Young survey of 56 financial institutions in the U.S. and Canada reveals that there's room for improvement in information security practices at financial institutions, particularly in the frequency and quality of communications about incidents, security policies and business unit requirements. The survey sample included 17 commercial or consumer banks, 22 insurance companies, 13 investment banks and four other financial firms.

The top five reported problems: viruses/worms, employee misconduct, denial-of-service attacks, loss of customer data and amateur hackers. From these threats, security has attained a higher profile within the industry. 'There has clearly been an elevation of information security to a senior leadership position within the organization, as well as to the board level,' says William Barrett, partner at Ernst & Young LLP (New York).

But the topic may not make the agenda often enough. 'It's still a little surprising that 43 percent do [board-level security reports] annually or longer,' says Barrett. 'Where you have identified gaps in information security or vulnerabilities...you would want to have a quarterly update to the board of directors around how you're closing those gaps.'"