The State of Banking Information Security 2008 - Executive Overview
Exclusive Survey Uncovers Disconnect in Efforts to Manage Vendors, Educate Customers
If there's one notion common to financial institutions of all sizes, it is confidence - the need to have shared trust with employees, partners and especially customers.
And if there's one common theme emerging from the inaugural State of Banking Information Security survey, it's that security leaders express this confidence in contradictions.
On one hand, survey respondents tell us they:
- Grade their institutions' ability to counter threats as "very good" or "excellent" (64%);
- Generally believe their customers share confidence that the institution's security measures are adequately protecting critical information.
But then, on the other hand, they say they really have no reason to support such confidence, revealing:
- 21% have either suffered a security breach during the past two years, or don't know;
- Two-thirds outsource Internet banking systems to third-party service providers, yet admittedly have only moderate confidence in their vendors' security controls;
- Nearly three-quarters (73%) assess themselves as "average" to "failing" when it comes to security awareness efforts with customers.
These are among the key findings of the State of Banking Information Security 2008 survey. Throughout the month of December 2007, Information Security Media Group (publisher of BankInfoSecurity.com and CUInfoSecurity.com) conducted its first-ever survey of U.S. banking institutions. In all, nearly 300 banks and credit unions responded, representing institutions of all sizes and geographies.
Information Security Agenda for 2008
In their responses to our questions, institutions are clear in articulating their platform for action in 2008:
- Information Security Plans Must be Documented & Shared - It isn't enough to have a Business Continuity Plan or an Incident Response Plan, although both are part of an important start. These plans must be documented, updated, communicated throughout the institution and to customers, and they also must take into account the security of data in the hands of third-party service providers.
- Vendor Management Must be Improved - Too many institutions are limiting their due diligence to customer references and SAS 70 reports. Going forward, they need to understand their vendors' security measures, and they must show evidence that they have inspected and ensured the safety of critical information when it's in third- or fourth-party hands.
- Customer Education is Insufficient - Statement stuffers alone won't cut it. More than any other industry, banking institutions need customer trust to survive. To secure this trust, they must demonstrate proactive efforts to educate customers about online banking safety and the risks of identity theft - including phishing, which occurs via email and telephones outside of the institutions, but still can cause untold damage and erode customer confidence.
For more information on the State of Banking Information Security Survey or Information Security Media Group, contact Tom Field, Editorial Director, at tfield@bankinfosecurity.com.
About Information Security Media Group
Based in Princeton, N.J., Information Security Media Group publishes BankInfoSecurity.com and CUInfoSecurity.com, which are your one-stop portals for the latest news, insights and education on the top information security issues facing U.S. financial institutions today. Through articles, webinars, podcasts, customized training and sponsored content, our team is committed to providing up-to-date information on the security regulations, threats, solutions, training and career trends that most impact banks, credit unions and other related enterprises.