Internal information security attacks are out-pacing external ones at the world’s largest financial institutions, according to a survey released today by a financial services industry practice group of the member firms of Deloitte Touche Tohmatsu.

According to the 2005 Global Security Survey, 35% of respondents said they had experienced attacks from inside the firm within the last 12 months (up from 14% in 2004) compared to 26% from external sources (up from 23% in 2004).

Half of Canadian respondents said they had experienced some form of information security breach, but with privacy and governance issues driving regulatory initiatives in Canada, 78% of respondents said they had the commitment of management and the adequate funding to address security requirements.

The practices of “phishing” and “pharming”, luring people to give sensitive information by using bogus emails and Web sites, were two new additions to the top security threats financial institutions faced in the past year, highlighting the human factor as a new weakness in the security chain.

The survey suggested that increased threat of internal attacks in relation to external ones was partly a function of the use of anti-virus software and other methods to blunt the attack coming from outside the company.

The survey also suggested that security training and awareness isn’t an important of a priority to chief information officers as it should be, as just 46% of respondents have training and awareness initiatives scheduled for the next 12 months. Regulatory compliance (74%) and reporting and measurement (61%) were farther up the list in terms of priority.

The third annual Global Security Survey acts as global benchmark for the state of I.T. security in the financial sector and consisted of interviews with senior security officers from the world’s top 100 global financial institutions.