Nearly 40 percent of banks' systems have been compromised at least once this year, a report by Deloitte Touche Tohmatsu has revealed.
The firm's 2003 Global Security Survey of Financial Institutions report spoke to senior IT executives from a huge range of companies right across the globe and revealed what many people have suspected - that banks' computer are constantly under attack and occasionally compromised but the institutions can't afford to admit it publicly.
Security is, unsurprisingly, something they are taking very seriously. Nearly all said they were concerned over the increasing sophistication of attacks - something that the report say they are right to worry about.
They also claim to recognise the value of educating employees over what to look out for and what not to do (although as any sysadmin will you, no matter how many times you shout "don't open any attachments", as soon as "BritneySpears.doc.src" appears, all rational thought goes out the window).
The percentage of IT budgets spend on security is also on the increase, averaging across the world to between 6 and 8 per cent. Deloitte Touche Tohmatsu feels this is still too small though. Just under half of them have increased IT security staff over the last year and the post of the Chief Security Officer is a growing phenomenon. Over three-quarters are planning to install PKI high-security technology. About the same number are also looking at smart cards. Wireless security is the hot new topic.
Interestingly, however, the report separates up attitudes to security into regions. Europe is the most motivated by fear of exposure and complying to rules and regulations and has the highest sense of responsibility as a result. Asia on the other hand is conservative and conformist and made up of late adopters.
LACRO - which is a new nonsense acronym on us and stands for Latin America and Caribbean Regional Office - are defined as "fast followers". Whereas Canadians are early adopters and spurred on by what their competitors do. The US, of course, comes top of the class being just great in every category of security - a situation spurred on by the New York terrorist attacks in 2001, the report suggests.
Despite all this however, only five percent of companies are "extremely confident" that their systems are protected from those either outside the organisation or inside seeking to cause trouble or sniff about. Which is a bit depressing. Or maybe security execs are just naturally pessimistic.