Security News > 2008 > February > The State of Information Security 2008
http://www.bankinfosecurity.com/articles.php?art_id=688 By Tom Field Editorial Director BankInfoSecurity.com February 4, 2008 If there's one single notion common to financial institutions of all sizes, it is confidence -the need to have shared trust with employees, partners and especially customers. Without this confidence, banking institutions cannot succeed. And if there's one common theme emerging from the inaugural State of Information Security survey, it's that security leaders express this confidence in contradictions. On one hand, survey respondents tell us they: * Grade their institutions' ability to counter threats as "very good" or "excellent" (64%) * Generally believe their customers share confidence that the institution's security measures are adequately protecting critical information But then, on the other hand, these same respondents say they really have no reason to support such confidence - theirs or their customers' -- revealing: * 21% have either suffered a security breach during the past two years, or don't know * 35% have been a victim of a phishing attack during the past year * 61% do not test their Incident Response Plan annually * Two-thirds outsource Internet banking systems to third-party service providers, yet admittedly have only moderate confidence in their vendors' security controls * Nearly three-quarters (73%) assess themselves as "average" to "failing" when it comes to security awareness efforts with customers These are among the key findings of the State of Information Security 2008 survey. Throughout the month of December 2007, Information Security Media Group (publisher of BankInfoSecurity.com and CUInfoSecurity.com) conducted its first-ever survey of U.S. banking institutions. In all, nearly 300 banks and credit unions responded, representing institutions of all sizes and geographies. [...] ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn