Listen to this article
Internal security breaches have become a greater threat to financial institutions than external hacking, according to a survey published on Wednesday.
The survey by Deloitte of the world's top 100 financial institutions found a sharp drop in external IT attacks less than a third had experienced an attack in the past 12 months, compared with 83 per cent a year earlier.
However, security breaches inside organisations for example employees planted by criminal gangs to collect information more than doubled.
Some 35 per cent of companies had suffered this kind of attack, compared with 14 per cent the previous year.
Simon Owen, partner responsible for the Deloitte security advisory practice, said financial institutions had spent a great deal of effort making their IT systems secure, with firewalls and anti-virus programmes. In response, criminals had reverted to older forms of attack.
The UK's Financial Services Authority warned last year of increasing evidence that criminals were placing staff inside banks, and there are suspicions this occurred in an attempt this year to steal £220m ($401m, €330m) from the Japanese bank Sumitomo.
Efforts by management to implement corporate governance rules, such as those in the US, have made companies more lax about internal security. “It could be that management haven't had time to focus on the nitty-gritty. Perhaps with the pressure to implement these projects on schedule, they have provided their third party contractors with more privileges than they ordinarily would have done, just to get the job done,” Mr Owen said. The survey found only 65 per cent of companies trained staff to spot suspicious activities. Financial institutions are also failing to keep control over the IT they outsource to suppliers.
Almost three-quarters of the companies have outsourced at least one IT function, but 27 per cent do not conduct regular assessments of compliance with security requirements.