Australian financial institutions are global leaders in privacy regulation, but they are the worst at handling information security threats, Deloitte's 2007 Global Security Survey found.
The three most frequently repeated breaches were e-mail spam attacks, viruses/worms and phishing/pharming, which is identity theft.
"All of these breaches were perpetrated via the customer, for example, customers as unwitting providers of sensitive information and conduits into financial institutions," Deloitte security and risk partner Julie Priest said.
This is due to online social changes, which include the acceptance of online shopping and payment, the popularity of social networks like Facebook, and the number of virtual world identities, like Second Life.
Deloitte identified a security paradox. Fewer than two-thirds of businesses have an information security strategy, but only 10 per cent have their information security led by business chiefs.
"While the information security incidents continue to grab the attention of business executives, ownership of the underlying problems is still perceived to rest with IT," she said.
Identity theft is the number one issue organisations are concerned about, Deloitte found.
E-mail attacks top the list of external security breaches financial institutions experienced in the past year.
Two-thirds of respondents did not feel they should be accountable for protecting the computers of customers who bank online.
Deloitte's fifth annual survey had responses from 169 global financial services institutions from 32 countries.