The State of Information Security 2008

The State of Information Security 2008
The State of Information Security 2008 

By Tom Field
Editorial Director
February 4, 2008 

If there's one single notion common to financial institutions of all 
sizes, it is confidence -the need to have shared trust with employees, 
partners and especially customers. Without this confidence, banking 
institutions cannot succeed.

And if there's one common theme emerging from the inaugural State of 
Information Security survey, it's that security leaders express this 
confidence in contradictions.

On one hand, survey respondents tell us they:

* Grade their institutions' ability to counter threats as "very good" or 
  "excellent" (64%)

* Generally believe their customers share confidence that the 
  institution's security measures are adequately protecting critical 

But then, on the other hand, these same respondents say they really have 
no reason to support such confidence - theirs or their customers' -- 

* 21% have either suffered a security breach during the past two years, 
  or don't know

* 35% have been a victim of a phishing attack during the past year

* 61% do not test their Incident Response Plan annually

* Two-thirds outsource Internet banking systems to third-party service 
  providers, yet admittedly have only moderate confidence in their 
  vendors' security controls

* Nearly three-quarters (73%) assess themselves as "average" to 
  "failing" when it comes to security awareness efforts with customers

These are among the key findings of the State of Information Security 
2008 survey. Throughout the month of December 2007, Information Security 
Media Group (publisher of and 
conducted its first-ever survey of U.S. banking institutions. In all, 
nearly 300 banks and credit unions responded, representing institutions 
of all sizes and geographies.


Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods