The state of cybersecurity at financial institutions
How do financial services firms measure success with cybersecurity? A Deloitte survey examined how firms developed and deployed best practices. While many approaches are unique to individual firms, institutions are best to scrutinize and learn from their peers’ experiences.
CISOs strive to upgrade cybersecurity
How do you measure what “good” looks like when it comes to cybersecurity at financial services companies?
The answer may be difficult to determine in the midst of a constantly changing threat landscape, and at a time when shifting business priorities and exponential technology forces are changing how many organizations approach management of cyber risks. In dealing with these challenges, chief information security officers (CISOs) often face a number of difficult questions:
- Does the operating model (centralized vs. decentralized) matter?
- Which factors determine the role of CISOs in terms of reporting relationships and influence within their companies?
- What role does the innovation agenda play in deciding how much of the cyber risk budget could be used for transformative vs. operational investments?
- Is there an “efficiency ratio” that can be applied to cyber risk management functions?
- Is there an empirical way to compare one financial institution’s cyber risk management program to another?
We surveyed CISOs from 51 companies about how they are discharging their responsibilities in protecting the digital fortresses at banks, investment management firms, insurance companies, and other financial services institutions (FSIs). The results provide a preliminary snapshot of how many FSIs may go about handling cybersecurity, while generating intriguing insights that warrant further exploration.
Overall, we found organizations working within a broad spectrum of cybersecurity strategies, structures, and budget priorities. Our findings suggest that clear differences exist within the industry based on company size, maturity level, and even ownership structure.