Deloitte Security Survey: Financial Institutions Making Identity and Access Management Tools #1 Priority
- Data loss prevention has taken on greater urgency: Data loss is caused by an intended or unintended action on the part of an organization’s people. When asked to characterize their ability to thwart internal breaches, only 34 percent of respondents are “very confident”; however, that response rises to 56 percent when respondents are asked about their ability to thwart external breaches. Respondents indicate that, in addition to encryption, data loss prevention will be the most piloted technology in the next 12 months.
- Regulatory compliance is a key priority for financial institutions: Financial institutions are clearly expecting more regulatory pressure. Respondents to the survey include regulatory and legislative compliance as one of their top five initiatives and are hiring more internal auditors to resolve internal and external audit findings in preparation.
- Business alignment is still lacking: While 87 percent of respondents either have, or plan to have, a security strategy within the next 12 months, respondents reveal that security functions do not get input or involvement from the lines of business when the strategy is being developed; this indicates that strategy development tends to be driven by the security function rather than driven by business goals. Given this, as well as increased spending, the security function must now be prepared to demonstrate ROI to further cement this trend as well.
- Insurers are ahead of banks in planning to tackle certain security initiatives: For the first time, Deloitte’s survey breaks out sector-based comparisons. While banks appear to have a stronger security posture than other financial services institutions, insurers are quickly catching up. Of key 2010 priorities, insurers have a bigger appetite for identity and access management (a priority by 51 percent of insurance organizations and only 44 percent of banks) and data loss prevention technologies (32 percent versus 25 percent).
- For the first time, organizations appear eager to embrace emerging technologies to combat threats: Organizations are now proactively embracing new technologies as “early majority adopters,” where, in the past, they were content to be “late adopters.”