
Reshaping the cybersecurity landscape

How digitization and the COVID-19 pandemic are accelerating cybersecurity needs at many large financial institutions

While the COVID-19 pandemic has significantly disrupted the financial services industry, it has also forced many financial institutions to fully embrace their digital transformation strategies and, in turn, the cybersecurity function.

To that end, our third annual survey of the Financial Services Information Sharing and Analysis Center (FS-ISAC), “Reshaping the cybersecurity landscape: How digitization and the COVID-19 pandemic are accelerating needs at many financial institutions,” explores key cyber risk trends to watch and possible implications of the COVID-19 pandemic.

Key takeaways
  • Survey respondents reported an increase in cybersecurity spending, with identity and access management, cyber monitoring and operations, and endpoint and network security receiving bigger shares of the pie.
  • For the last three years, respondents identified rapid IT changes and rising complexities as their No. 1 cybersecurity challenge. To help effectively mitigate emerging cyber risks, companies should consider digitally enabling the cyber function within the broader IT service development process. Adopting “security by design” principles during technology development could also help financial institutions create more secure products.
  • Cybersecurity is often included as part of the IT function, and CISOs typically report to the CIO or CTO at their firms, according to most respondents from large financial institutions surveyed. This reflects the need for close integration of cybersecurity and IT.
  • At the same time, financial institutions may want to retain a certain level of independence for cybersecurity, which could help ensure risk management decisions are not overshadowed by IT constraints.
  • Respondents cited emerging technologies such as cloud, data analytics, and robotic process automation as top cybersecurity investment priorities. Access control, protective technology, and data security were emphasized as rationales.
  • As digitization and remote work accelerate, and the lines among employees, customers, contractors, and partners/vendors blur, many traditional network perimeters and boundaries are obscured. Users, workloads, data, networks, and devices are everywhere. ‘Zero Trust’ has emerged as a concept for enforcing ‘least privilege’ for modern enterprises contending with the ubiquitous nature of these domains.
