|
Gap Between Security Goals and Performance in Financial Services
OMAHA, Neb. -- Solutionary, Inc., a managed security services provider (MSSP), in conjunction with Espiria, an information security services company specializing in program design, jointly published "Security in Financial Services" report. Based on a self assessment of 46 financial institutions, the report featured more than 384 questions covering almost 2,800 discrete security controls. The methodology, SecurCompass, is based on widely accepted security standards and consists of a risk-based security goal selected by management and a security program performance rating. Both are rated on the same zero to five scale, five representing the highest level of security.
Some highlights from the report:
Financial institutions set the highest security goals of any industry, averaging 4.0. Other industry segments set average security goals considerably lower, in the 3.0 - 3.5 range. This appropriately reflects the higher risk that financial institutions face from cyber crime as well as their long history of regulation.
Financial institutions had higher security program ratings than other industry segments. Financial institutions averaged a 2.4 versus average performance across all industries of 1.7. Some financial institutions did considerably better, achieving security scores up to 3.9.
The report identified a significant gap in performance between professed risk-based goals and actual security performance (4.0 vs. 2.4, respectively). Further, while no institution was achieving its goal, some were close (.4 was the smallest gap identified) while some had very material gaps (3.2 was the highest gap identified).
Go Back
|
