Financial Crime World

Financial Institutions Rethink Cybersecurity Strategy, Execution

Introduction

A recent survey conducted by Deloitte reveals that financial services institutions (FSIs) are taking a more proactive approach to cybersecurity. The study highlights the importance of size, ownership, and innovation in shaping an FSI’s cybersecurity strategy.

Multiple Lines of Defense

The majority of adaptive firms maintain two separate lines of cyber defense:

  • Security at front-line units
  • Organization-wide cyber risk management operations

This approach helps distribute cyber risk exposure and provides a more comprehensive defense against threats.

Outside Support

FSIs are increasingly seeking outside support for their cybersecurity functions, with 25% relying on external sources such as “red team” operations to test their preparedness against cyber attacks.

Size Matters

The study found that larger FSIs tend to allocate more resources to cybersecurity, with some dedicating up to 20% of their IT budget to this area. However, the majority (50%) reported spending $20 million or less on cybersecurity, which may not be sufficient to mitigate potential breaches.

Ownership Structure

Publicly held FSIs tend to spend more on cybersecurity than privately owned institutions, with an average allocation of 14% compared to 10%.

Innovation and Emerging Technologies

In their cybersecurity strategies, CISOs at large FSIs prioritize innovation and emerging technologies such as:

  • Cloud computing
  • Data analytics
  • Social media

Recommendations for Improvement

To stay ahead of evolving cyber threats, Deloitte recommends that FSIs:

  • Proactively engage the board on cybersecurity matters
  • Engage all employees in cybersecurity awareness and best practices
  • Provide multiple lines of defense against cyber attacks
  • Alter the mix of a CISO’s responsibilities to focus more on strategy and less on technical execution

Next Steps

As cybersecurity remains an integral function for FSIs, ongoing challenges will require continued adaptation and innovation. Future surveys may seek to create benchmarks for cybersecurity spending and headcounts by maturity level and company size. Collaboration across the financial services industry is also crucial in remaining secure, vigilant, and resilient against cyber threats.

Sources:

  • Deloitte Center for Financial Services
  • FS-ISAC (Financial Services Information Sharing and Analysis Center)