Major players in the UK financial services industry are afraid that identity theft will make them look foolish.
So concerned are they by the "reputational risk" they are readily prepared to write off the financial hit, according to accountants Deloitte.
And this is despite identity theft possibly accounting for up to 40 per cent of total fraud losses in financial service organisations.
Iain Lownes, a director at Deloitte in Birmingham, said: "The organisations we spoke to consistently rated protection of reputation and brand as more important than defending themselves against direct financial loss.
"Some even saw superior protection against identity theft, such as fraud insurance or advanced authentication, as a commercial opportunity to differentiate themselves from their competitors."
The main worries for the sector were:
* Reputation - the need to manage internal and public perceptions of how safe and secure the institution is
* Legislation - complying with expanding and yet vaguely worded regulatory and legislative requirements
* Awareness - continually informing and educating customers, business partners and staff on potential threats and safeguarding against those threats
* Technological advances - combating the increasingly sophisticated identity theft techniques with appropriate technical countermeasures.
Mr Lownes said: "Despite the volume of requirements there is general agreement that regulation is not specific enough. The industry is looking for discussion with regulators to come to an agreement on clearly defined but consensual and flexible requirements."
Growing numbers of identity theft related incidents included phishing and pharming (attempting to obtain customer log-in details) attacks and moves to obtain advance fees by fraudulently seeking to use the organisations' brands.
Internal incidents such as customer identities being stolen by staff for onward sale, employees bypassing technical controls to access restricted customer details and staff stealing identities of other staff to obtain unauthorised access to systems, were also a big issue.
Another factor to the risk of fraud to financial organisations is increased outsourcing - the complex operating models mean that direct control over an organisation's data and IT systems can be compromised.
"The risk to personal information outsourcing presents are compounded where the service is off-shored as differing legal and regulatory systems and business standards, combined with geographical separation, make regular monitoring of controls much harder," Mr Lownes said.
"The financial services industry acknowledges that the current situation is not sustainable - identity theft is only going to increase and standards need to be raised. This is an incredibly complex problem which requires an increasingly cohesive approach."