The state of cybersecurity at financial institutions

There’s no “one size fits all” approach

How are financial service firms carrying out their cybersecurity measures? Our survey examines how firms developed their cybersecurity approach and what the best practices are. While many approaches are unique to individual firms, institutions would do well to scrutinize and learn from their peers’ experiences.

Shedding light on cybersecurity best practices

We surveyed CISOs from 52 companies about how they are discharging their responsibilities in protecting the digital fortresses at banks, investment management firms, insurance companies and other financial service institutions. The results provide a preliminary snapshot of how many financial service institutions may go about handling cybersecurity, while generating intriguing insights that warrant further exploration.

Key findings

The survey produced some noteworthy observations, some of which are discussed here:

1. IT/Cybersecurity budget vs. cybersecurity program maturity

While it is important to have an adequate budget for cybersecurity, how a program is organised and governed may be equally if not more impactful than how much is spent relative to a company’s overall IT budget or revenue. Indeed, many companies with below-average cybersecurity budget allocations managed to achieve a high program maturity level, while some that had higher-than-average spending were actually less advanced (see the different cybersecurity maturity levels in the image below).

Cybersecurity maturity levels

2. Large vs. small financial service institutions

According to our survey, company size is likely to be a factor in a financial service institution’s cybersecurity reporting structure. More than one-half of the CISOs responding from smaller companies reported directly to the CEO, which is likely to reflect a flatter organisational structure. At the largest responding companies, the CISO was more likely to report to the CIO, COO, or CRO.

3. Cyber innovation as top priority

When it comes to new investments, survey respondents indicated that innovation and emerging technology are top-of-mind for CISOs, with cloud, data and analytics, and social media topping the list of technology items that warrant attention at the larger firms.
