Article Preview
TopIntroduction
Organizations in the Global Financial Services Industry (GFSI) often ensure that the Confidentiality, Integrity or Availability (CIA) of their data assets is assured. Goodhue and Straub (1991) offer several reasons why firms in the financial services sector may be more wary of breaches and threats relative to other businesses. The reasons they espoused include: a) over-reliance on information systems (IS) use in their operations; b) potential for large losses emanating from breaches in their operations; and c) the need to maintain a good public image and assure the confidentiality and integrity of their data and IS assets. In addition, GFSI are subjected to strict regulatory oversight (Ramady & Kantarelis, 2009; Delimatsis, 2013; Fernandes, 2013). Indeed, the DTTL (2012, p.2) concluded that “[w]ith increasing business demands and evolving regulatory frameworks, information security is a top priority for financial services industry organizations.”
It is worth noting that “it is impossible to ever achieve a state of perfect security in which all risks [and threats] are mitigated to a level that is acceptable to the business” (Schatz, 2008, p. 94). To that end, practitioners in the financial services industry are advised to constantly assess their risk environment and adjust their programs to confront any emerging security threats in their industry (ISO/TR 13569, 2005; EDS, 2007). Jung, Han, and Lee (2001) noted that the majority of corporations, including those in the financial sectors face four main threats to organizational IS data assets: interception (the prevention of data from arriving at where it is headed), interruption (the break in data or information flow), modification (the alteration and adjustment of data or information), and fabrication (the reconstruction of data or information with the intent to deceive). Clearly, these threats present CIA concerns to GFSI.
Apparently, the desire to focus on information security threats and subsequently gain an understanding of such concerns in GFSI has made practitioners in the industry to investigate and report such issues. Some firms including PricewaterhouseCoopers and Deloitte Touche Tohmatsu Limited (DTTL) have provided insight on such issues in their industry. This study will make use of the DTTL reports as their publications, which have been produced over a decade, have received the attention of IS security scholars (e.g. Ifinedo, 2009a; 2009b; 2013). These surveys attempt to educate GFSI’s practitioners about information security threats; they also provide comparative insights across regions of the world. Key findings in the latest survey for 2012 are available online (DTTL, 2012). Information from such sources is important given the ever-growing cybercrimes in modern organizations (Murthy, Nagadevara, & De', 2010).
Information in the 2012 DTTL survey provide relevant information about pressing information security threats and controls in GFSI, and regional differences on such issues are provided. However, the report did not provide information related to the influences arising from socio-economic factors. This layer of information may be useful for leaders of GFSI as they manage the attitudes and perceptions of their employees on such issues given that prior researchers have shown that contextual factors notably those of socio-economic underpinnings matter in such discourse (Milberg, Smith, & Burke, 2000; Bagchi, Kirs, & Cerveny, 2006; Bia & Kalika, 2007; Chen, Medlin, & Shaw, 2008; Ifinedo, 2009a; 2013).