In a recent survey conducted across major cities in Asia/Pacific, IDC Financial Insights found that 56% of information security professionals from the financial services industry are unaware of the number of security threats that their firms have encountered in the past 12 months. Out of those who are mindful of their firms' exposures, 37% could not provide details of the events. More insights are revealed in the report, "Business Strategy: 2011 Security Survey — The State of Information Security Within the Asian Financial Services Industry," which sheds light on the fundamental issues around core security initiatives in financial enterprises across Asia/Pacific.
"Such blatant lack of security event monitoring only serves to undermine the chances of discovering and reacting promptly to information security (IS) attacks," says Li-May Chew, Associate Research Director, IDC Financial Insights Asia/Pacific Financial Advisory Service.
Chew adds that although it is encouraging to note that, for the most part, financial institutions have taken a proactive stance toward managing IT security risk, there remain variances between current implementations and best intentions, and between policies and practices in IT security management. Another such variance is that, should a need arise to pare down security expenses, 18% were prepared to have some of their vulnerable areas go unprotected.
"This is indeed quite disquieting to note, and we would advise financial institutions against doing so. Amongst several other reasons, we live in an environment of heightened threats -- it behooves organizations to maintain a robust security posture rather than opt not to secure some critical areas in the hope that luck would be on their side and they would not encounter security malfunctions," Chew advises.
The report further reveals that punitive measures by regulatory authorities exert the most pressure on bankers, insurers, and financial market firms to invest in IS to ensure compliance with mandates. Unfortunately, hindrances to implementing sufficient IS exist, with the core reasons being a lack of investment budget (identified by 28.5% of respondents), increased sophistication of threats (22.0%), and a lack of senior management support (13.0%).
While capital remains precious, financial institutions are cognizant of the need to establish a fine balance between driving business strategies and enhancing IS controls, with 63% of respondents anticipating rising technology budgets for IS.