Financial Crime World

Financial Institutions’ Cybersecurity Efforts Leave Room for Improvement

A recent survey by Deloitte’s Center for Financial Services has shed light on the varying levels of cybersecurity maturity among financial institutions (FSIs). While some organizations have implemented robust measures to protect themselves against cyber threats, others still lag behind.

Multiple Lines of Defense

The study found that many FSIs maintain multiple lines of defense, with 75% of respondents from adaptive companies having two separate, independent lines of cyber defense. These include security at the frontline units and organization-wide cyber risk management operations.

Cyber Risk Exposure

However, when it comes to cyber risk exposure, the picture is less rosy. Only half of respondents from organizations at the informed maturity level said they had purchased adequate cyber insurance to cover almost all expected loss scenarios, while one-quarter had insurance to cover at least one-half of their anticipated exposure.

Resource Allocation

The survey also revealed that larger FSIs may not be allocating enough resources to their cybersecurity programs. In Deloitte’s experience working with clients, 20% of the IT budget is considered high; analysis of available survey data suggests that cyber risk management budgets for large FSI companies can range from 5% to 20% of the total IT budget, with an average of around 12%.

CISOs’ Roles

Furthermore, the study found that CISOs often spend too much time on tactical roles and not enough on strategic planning. This is a concern, as the job has become increasingly complex, and CISOs need to be able to advise management teams and boards on cybersecurity matters.

Recommendations for Improvement


To improve their cybersecurity capabilities, FSIs are advised to take several steps:

  • Proactively engage with the board of directors on cybersecurity matters.
  • Engage the entire organization in cybersecurity awareness and training.
  • Provide multiple lines of defense to support the central cyber risk management team.
  • Alter the mix of a CISO’s responsibilities to focus more on strategic planning and less on tactical roles.

Collaboration is Key


The Deloitte study suggests that collaboration is key to staying ahead of cyber threats. FS-ISAC’s efforts demonstrate the importance of working together across the financial services industry and within individual sectors to share knowledge and best practices.

Conclusion


As the cybersecurity landscape continues to evolve, it is essential for FSIs to prioritize their cybersecurity efforts and strive for continuous improvement. By doing so, they can better protect themselves against cyber threats and maintain the trust of their customers.

About Deloitte

Deloitte’s Center for Financial Services provides thought leadership, research, and analysis on key issues affecting the financial services industry. The center aims to help FSIs navigate the complexities of the market and make informed decisions about their business strategies.