Ben Katz doesn’t always sleep well. Vice-president of a Hauppauge, N.Y. brokerage firm, Zeus Securities, Katz is charged with keeping the firm’s technology systems safe from hackers and thieves. “Everyone (in the financial industry) has to worry about being a target” of data theft, says Katz. He says the concerns keep him up at night. “If someone wants to make you a target, they will, and they will sabotage you.”

Katz is not alone in worrying about a rash of viruses and attacks from hackers aimed at taking possession of customers’ personal identities or proprietary company information, or even funds that could be wired to some hidden account.

“To the extent small [brokers or other financial-type companies] are hooked up to the Internet, they’re unprotected,” says Robert Richardson, editorial director of the Computer Security Institute, a San Francisco-based organization that trains computer security professionals.

Viruses that make their way into computer hard drives hide on Internet sites, and Richardson says they are now the biggest problem most companies face.

And because of it, businesses are losing big money.

Richardson is co-author of an annual computer-security study that Computer Security Institute publishes in conjunction with the FBI. The latest survey found that corporate and institutional computer break-ins increased slightly last year over 2003, but that average financial losses from those break-ins had fallen, with the exception of two major categories — unauthorized access to data and theft of proprietary information.

In 2004, the survey revealed that the average loss from unauthorized data access rose to $303,234, from $51,545 in 2003. The average losses from information theft climbed to $355,552, from $168,529, in 2003. Respondents sustained total losses in the two categories of about $62 million last year.

The picture is not pretty, experts say, and is getting worse as companies large and small merge with other businesses in the United States and overseas.

“The larger [brokerages] have elaborate security and professionals on staff dedicated to computer security,” says Warren Kruse, director of information technology consulting at Kroll Associates, an investigative firm in New York.

“But we still find vulnerabilities in the larger systems because they don’t always know what they’re connected to,” Kruse said. “They’ll make an acquisition, and now they’re taking on all the security risks of that acquisition.”

Businesses do try to keep their data safe. Firewalls, spyware and anti-virus software are among the weapons they use, but in the cat-and-mouse game between companies and hackers, hackers often seem to have the upper hand, experts say.

Alan Davidson, founder and president of Zeus Securities, the Hauppauge brokerage firm, figures his computer systems are protected.

Yet something gnaws at him much of the time.

“We all get viruses,” Davidson says. “This miserable breed (hackers) gets some kind of vicarious thrill out of destroying somebody’s files. It’s outrageous.”

Davidson and others point to the need for stronger legislation. Some laws have been approved, but most of them seek to protect consumers, not businesses.

In 1999, Congress passed the Gramm-Leach-Bliley Act, which calls for individuals to be informed about the privacy policies and practices of financial institutions, so that consumers can use that information to make choices about financial institutions they wish to do business with.

In 2003, California passed the Security Breach Information Act (SB-1386), which dictates that organizations must notify individuals if the security of the organization’s information has been breached.

Companies have little choice but to keep their eyes on their computer screens — and keep up-to-date with the latest anti-virus software packages to hold the bad guys at bay.

“Everybody is in the same boat,” says Robert Houghton, founder and president of Redemtech Inc., technology recovery specialists in Reno, NV. “But the stakes are a lot higher for financial firms” because lots of money is at risk.

One of the key problems, Houghton says, is that many companies do not have a centralized policy requiring strong data security procedures. Instead, he says, such policies are left to individual units of a large company. “Very typically, you might have five or 10 or 5,000 offices [within a corporation]... But if data security matters are allowed to be handled at the local level then you can almost be guaranteed that you will have inconsistencies that lead to failure in the process.”

His solution: “As a starting point, I think [businesses] need to establish a centralized policy that they enforce because the downside risk is quite onerous.”

Two of the nation’s largest banks — Wachovia Corp. and Bank of America — were red-faced this past spring when they had to notify thousands of their customers that their financial records may have been stolen. Police believe company employees were responsible. The investigation is continuing.

Neither Wachovia nor Bank of America would discuss any of their security procedures, as is standard for companies. But experts said that the protections banks use to thwart hackers — firewalls and encryption — have little ability to stop ill-intentioned employees who are authorized to access secure information.

But some experts think banks could do more.

“There are a lot of ways banks could make their systems more secure to their customers,” says Edward Maguire, a research analyst at Merrill Lynch in New York. “But the dirty little secret is that the costs of fraud are not compelling enough to force the banks to spend an additional amount per customer.”

Maguire estimates brokerages spend only five percent to six percent of their information technology budgets on security. They should be spending in the low teens, he says.

“It takes these high-profile incidents [such as at Wachovia and Bank of America] to force companies to take any action at all,” Maguire maintains.

Break-ins of various types are more likely to increase in the future as computers become more and more like everyday utilities, such as telephones, and even the smallest of companies can’t function without them.

That brokers and other business people are concerned is a good sign, says Kruse, of Kroll Associates.

“The attacks are getting more sophisticated,” Kruse says. “The attacks can happen from anywhere in the world to anywhere in the world. Many times, when we find a problem, we find that the organization wasn’t worried about one. You don’t have to be paranoid, but it’s good if there’s a little worry.”