"The action and manifestation of risk is not necessarily evident to today's users in the way it was in the past, and that creates a big inherent challenge for a CISO," says Malcolm Harkins, CISO at Intel Corp.
"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
"Our role is changing in the fact that we see fraud being perpetrated in a new manner everyday via malicious software, banking Trojans and online theft," says Jean-FranÃ§ois Legault, senior manager of forensics and dispute services at Deloitte.
Insider fraud expert Shirley Inscoe says Citi is not the only financial institution that's doing a poor job of keeping up with employee misconduct. Few banking institutions grasp how damaging inside jobs actually are.
Three recent breach incidents, each involving the loss or theft of back-up drives, illustrate that some organizations are doing a better job than others in informing consumers about the steps they're taking to prevent more breaches.
Once a CEO understands the value and risks catered through mobile functionality, it is easier to discuss mobile innovations, policy and how the company can then strike a balance to meet customer and employee requirements.
The survey of local, state and federal IT security practitioners also shows a lack of faith in secure cloud computing. Half see insider threats and poor practices as their agencies' greatest vulnerabilities.