The bare minimum. That is what the vast majority of financial institutions surveyed for the ThreatMetrix 2012 State of Cybercrime Study are doing to protect themselves against fraudsters, said Andreas Baumhof, chief technology officer for ThreatMetrix, a San Jose, Calif. based company focused on cyber crime.

“Most financial institutions aren't doing more than the minimum,” he said in an interview.

The survey asked IT executives at financial institutions and retailers how important stopping online fraud is to them.  Ninety-three percent said it was very important.

However, most had only “baseline” self-defense tools in place, said Baumhof, who elaborated that the usual tool set consisted of internal firewall, gateway anti-virus/malware, gateway firewall, intrusion detection/prevention and security management systems.

“Many FIs seem to be doing only as much as they have to to comply with regulations, and that isn't good enough,” said Baumhof. He said well-funded cyber crime organizations are continually building new attacks and so an organization needs to take a proactive posture to keep itself defended against what is coming tomorrow.

That is not happening at many financial institutions, said Baumhof.  “In today's world, it's not enough to look at the current attack vectors. The bad guys are moving very fast – we need to move towards more of a holistic view of cybercrime and how to prevent it.”