Financial institutions might be spending more on IT security but they continue to struggle and many are now starting to realize that the big problem is with people. Either with their own employees, or third parties. And despite all the money, they admit there's no easy solution.

The Deloitte 2007 Global Security Survey, which you can access here found that 91 per cent were concerned about employees and 79 per cent cited the human factor as the root cause of Information Security failures.

The increasing number of security breaches is also closely aligned to online social changes that include the acceptance of online purchasing and payment as a legitimate day to day activity, the take-up of devices plugged into networks and online systems, more people using social networks such as Facebook and the growing number of virtual world identities through such phenomena as Second Life.

That might have enormous implications for where fraudsters and hackers pick their targets in the future.

But at the same time, almost a quarter (22 per cent) of respondents had provided no employee security training over the past year and less than a third (30 per cent) said their staff was skilled enough to respond to security needs.

The report also an alarming global skills shortage of people competent enough to handle security breaches. This does not necessarily mean a shortage of people skilled in IT. It's more a case of having people skilled in BOTH IT and business. They are in short supply.

According to the report, it goes to the heart of security paradox: the growing gap between the awareness of the problem and what management is actually doing about it. Information security incidents might grab the attention of executives but ownership of the underlying problems is still dumped on IT departments!