Financial Institutions’ Cybersecurity Functions: A Survey of the Latest Trends and Best Practices
======================================================
A recent survey by the Deloitte Center for Financial Services reveals that financial institutions (FSIs) are increasingly recognizing the importance of having a fully centralized cybersecurity function. The survey highlights several key areas where FSIs can improve their approach to managing cyber risks.
Centralized vs. Decentralized Approach
The survey found that two-thirds of large FSIs have adopted a centralized approach to managing cyber risks, while adaptive companies were more likely to favor a hybrid approach with decentralized cybersecurity teams supporting central management. This decentralized structure allows for greater flexibility and adaptability in responding to emerging threats.
Cybersecurity Maturity Levels
The survey highlights the need for FSIs to raise their game in terms of cybersecurity maturity levels. To achieve this, financial institutions should consider implementing multiple lines of defense, engaging the entire organization in cybersecurity efforts, and providing ongoing training and awareness programs.
Chief Information Security Officers (CISOs)
The survey also emphasizes the importance of CISOs reporting beyond the CIO and interacting regularly with non-IT stakeholders to better support management teams and boards. Currently, many CISOs spend most of their time in tactical roles, rather than strategic ones.
Investment Priorities
In terms of investment priorities, FSIs ranked mobile, cloud, and data/analytics as top priorities for adoption over the next two years. Embedding cyber defenses into these new digital initiatives was also seen as a critical business issue with security implications.
Key Takeaways
- Two-thirds of large FSIs reported adopting a centralized approach to managing cyber risks.
- Adaptive companies were more likely to favor a hybrid approach, with decentralized cybersecurity teams supporting central management.
- Multiple lines of defense are critical in detecting and responding to cyber threats.
- CISOs should report beyond the CIO and interact regularly with non-IT stakeholders.
- Mobile, cloud, and data/analytics are top priorities for adoption over the next two years.
- Embedding cyber defenses into new digital initiatives is a critical business issue with security implications.
Recommendations
- Engage boards proactively on cybersecurity issues.
- Provide ongoing training and awareness programs for employees.
- Alter the mix of CISO responsibilities to focus more on strategic advisory roles.
- Implement multiple lines of defense to detect and respond to cyber threats.
- Prioritize investments in mobile, cloud, and data/analytics security.
By implementing these recommendations, FSIs can better position themselves to stay ahead of emerging threats and improve their overall cybersecurity capabilities and maturity levels.