Hackers bigger threat than rogue staff

Most security attacks on financial services organisations are coming from outside the company - not from employees as widely thought.

Deloitte & Touche's 2003 Global Security Survey examined the security at 80 Fortune 500 financial companies, and found that 90 per cent of security attacks are coming from external sources.

"For as many years as I can remember, internal attacks have always been higher than external," said Simon Owen, Deloitte & Touche partner responsible for technology risk in financial services.

"Sixty to 70 per cent used to be internally sourced. But most attacks are now coming from external forces and that's a marked change."

The report showed that 39 per cent of respondents experienced a security breach in the past year, and only 10 per cent of those were generated internally.

"As organisations become more connected there are more doors people can rattle to get in," said Owen.

There seems to be an increased awareness of security, but it is not as widespread as it should be. Some 80 per cent of respondents said they had a security policy, but only 47 per cent of those companies said the strategy was "embraced by line and functional leaders".

"The majority of organisations have a security policy, but the majority said the organisation doesn't buy into it," said Owen.

"We have to raise the gambit and education is needed to stop the security department churning out paper and nobody taking any notice."

And banks do not fully understand what a major security attack could do.

"I think they're aware of the nuisance and disruption factor, but I don't think these organisations have taken into account the potential impact on brand and reputation, on the customer base, market profile and regulatory impact," Owen said.