Financial Crime World

Financial Institutions Must Step Up Cybersecurity Efforts to Stay Ahead of Evolving Threats

A recent study by Deloitte reveals that financial services institutions (FSIs) are struggling to keep pace with the ever-evolving cybersecurity landscape. While some FSIs have made significant strides in developing robust security protocols, others are lagging behind and leaving themselves vulnerable to cyber attacks.

Key Findings

  • Larger FSIs tend to spend more on cybersecurity than smaller ones, but even among large institutions, many may not be allocating enough resources to effectively manage their cyber risk.
  • Nearly half of all respondents from the financial services industry reported that they do not have a dedicated budget for cybersecurity, and one-third of those that do have a budget spend less than 1% of their revenue on it.
  • Publicly held FSIs tend to spend more on cybersecurity than privately owned ones, likely due to concerns about reputational damage and regulatory scrutiny.

Commonalities Among FSIs Ahead of the Curve

  • Presence of a dedicated cyber risk management team, which can help to coordinate efforts across different business units and regions.
  • Engagement of the entire organization in cybersecurity efforts, including employees who may not be directly involved in IT or security.

Strategies for Improving Cybersecurity Posture

  • Proactively engage with the board of directors on cyber risk management, providing regular updates and metrics to keep them informed.
  • Embed cybersecurity practices and personnel within business units and regional offices.
  • Alter the mix of a CISO’s responsibilities to focus more on strategy and advisory roles.

The Importance of Collaboration and Benchmarking

  • As threats continue to evolve, FSIs must work together to share best practices, learn from each other’s experiences, and develop common standards for cybersecurity.

Conclusion

The Deloitte study suggests that FSIs must prioritize cybersecurity as a critical function, allocating sufficient resources and attention to stay ahead of evolving threats. By doing so, they can protect their customers’ sensitive information, maintain public trust, and avoid costly disruptions to their operations.

Key Recommendations

  • Proactively engage the board on cyber risk management
  • Engage the entire organization in cybersecurity efforts
  • Provide multiple lines of defense through embedded cybersecurity practices and personnel
  • Alter the mix of a CISO’s responsibilities to focus on strategy and advisory roles
  • Collaborate with peers and industry organizations to share best practices and develop common standards for cybersecurity