Nearly a quarter of the world's banks were hit by security breaches in the past year, a study shows.
Top threats include vulnerabilities in mobile technologies and social media, financial fraud and "hacktivist" groups, according to the Deloitte 2012 Global Financial Services Industry Security Study.
The study gathered responses from more than 250 banking and insurance organisations in 39 countries.
While 80% of banks considered their security systems to be of a good standard, nearly 25% had experienced security breaches in the past 12 months, said Adel Medek, managing director of global enterprise risk services at Deloitte.
About 40% of the 46 major insurance companies surveyed reported breaches in the same period.
Related stories 2012 Information Security Breaches Survey The cyber-savvy CEO and growing cyber threats Many top UK executives still do not understand cyber threats, says ISSA SMEs struggling in the face of BYOD and new cyber threats Websense launches cyber security intelligence services US business takes lead in cyber threat risk awareness
However, Medek said the figures are likely to be understated because most organisations refer to a breach only when they can link it to fraud, according to Australian reports.
The survey identified the top three information security threats as financial fraud, employee error and breaches of information on databases.
Respondents said the biggest barriers to information security are inadequate budgets and increasingly sophisticated threats.
The survey revealed, however, that Asia-Pacific companies are not concerned about budgetary limitations, which is ascribed to a stronger economy and smaller exposure to Europe's financial weakness.
Top three data security threats Financial fraud Employee error Breaches of information on databases.
Cybersecurity has become the top global technological issue, according to the study, which found that companies are paying greater attention, but still need to develop strategies to manage the threat.
Two-thirds of respondents indicated there is an element of engagement between security and business functions, which has been missing in the past.