Pursuing cybersecurity maturity at financial institutions

Survey spotlights key traits among more advanced risk managers

Financial firms are stepping up their efforts to stay ahead of cyber and business threats. The latest Deloitte and FS-ISAC survey reveals what differentiates the strongest cybersecurity programs from the rest.

In this report—in addition to identifying spending patterns across the industry by sector, size of company, and cyber risk management maturity level—we identified several core traits of those that have already reached the highest maturity level as defined by the National Institute of Standards and Technology (NIST).

These defining characteristics of “adaptive” companies, which are alluded to in the NIST cybersecurity maturity framework, include:

  • Securing the involvement of senior leadership, both top executives and the board;
  • Raising cybersecurity’s profile within the organization beyond the information technology (IT) department to give the security function higher-level attention and greater clout; and
  • Aligning cybersecurity efforts more closely with the company’s business strategy.

Organizations that can integrate these fundamental elements and follow the example set by leading cybersecurity programs will more likely become and remain adaptive in the face of an ever-evolving business and threat landscape.

The survey indicated that money alone is probably not the answer, as higher cybersecurity spending did not necessarily translate into a higher maturity level. That likely means exactly how—and how well—financial institutions go about securing their digital fortress is at least as important as the amount of money devoted to cybersecurity.