Wednesday, July 27, 2005

Deloitte 2005 Security Survey

#134 Deloitte's third annual Global Security Survey was produced with input from Chief Security Officers and security management teams from financial services industry organizations around the world. It attempts to provide broad insight around the question: How does the information security of my organization compare to that of my counterparts?

63 percent of survey respondents believe that security threats to their organisations are becoming increasingly sophisticated. This is aided and abetted by a severe lack of employee awareness and training, with 48 percent of respondents stating that this is a weakness in their organisation. Commonly listed threats included: poor screening of new employees; lackadaisical subcontractor controls; security-ignorant employees and deficient management processes. These internal issues were at the root of most security breaches.

Key findings of the survey:
  1. Managing compliance now relies on input from multiple stakeholders including security and technology
  2. Organisations need to be prepared for the changing nature of threats
  3. While the number of overall security breaches is down, the geography and stature of the organisation play a key role in whether it will be breached
  4. There is a trend to having the Chief Information Security Officer (CISO) report to the highest levels of the organisation
  5. The board's interest in security is no longer optional; it's a requirement
  6. The most effective way to cost-justify the security function is to assess the value and impact delivered to the business
  7. Identity and Vulnerability management: the role of these solutions in the compliance world is increasing
  8. Training and awareness are crucial but significantly lacking

This is well worth a read, even if you are not a financial institution.
