Cybersecurity in Finance Industry: Key Findings Emerge from Deloitte Study
============================================================
A recent survey conducted by Deloitte has shed light on the current state of cybersecurity practices among financial services institutions (FSIs) in Ireland, revealing a diverse range of strategies, structures, and budget priorities. The study, which surveyed chief information security officers (CISOs) from over 50 companies, highlights the importance of effective risk management approaches and practices in protecting against cyber threats.

Budget Not the Only Factor
--------------------------
According to the findings, while budget is crucial for cybersecurity initiatives, its impact is often overshadowed by how a program is organised and governed. The study discovered that some companies with below-average budget allocations achieved high maturity levels, while others with higher spending were less advanced. This suggests that factors beyond budget play a significant role in determining cybersecurity effectiveness.

Accountability at the Top
-------------------------
One key differentiator between respondents from adaptive companies and those from lower-maturity companies was the level of accountability at the top. Boards and management committees from adaptive companies demonstrated a greater interest in cybersecurity strategy, budget, operational roles, and progress than their peers. In contrast, boards from less advanced companies reported limited involvement in reviewing current threats, program progress, and security testing results.

Shared Responsibilities
-----------------------
The study also found that shared responsibilities make a significant difference in the effectiveness of cybersecurity programs. While most respondents had a fully centralised cybersecurity function, those from adaptive companies were more likely to favour a hybrid approach, combining centralised functions with business unit and/or regional strategy execution capabilities.

Multiple Lines of Defence
-------------------------
Moreover, the majority of respondents from adaptive firms maintained multiple lines of defence, with separate, independent lines of cyber defence: one at frontline units and another for organisation-wide cyber risk management operations. This multi-layered approach helps to mitigate the risks associated with cyber threats.

Conclusion
----------
The findings of this study offer valuable insights for FSIs in Ireland, highlighting the importance of effective governance, shared responsibilities, and multiple lines of defence in protecting against cyber threats. By learning from the experiences of peers, these institutions can refine their cybersecurity strategies and better protect their people and systems.