Everyone has an opinion about it, but not many organisations are actually doing anything. Therefore, […]
How are financial institutions performing their cyber security measures? Our survey examines how firms developed their cyber security approach and what the best practices are. While many approaches are unique to individual firms, institutions would do well to scrutinise and learn from their peers’ experiences.
Shedding light on cyber security best practices
We surveyed CISOs from 52 companies about how they are discharging their responsibilities in protecting the digital fortresses at banks, investment management firms, insurance companies and other financial service institutions. The results provide a preliminary snapshot of how many financial institutions may go about handling cyber security, while generating intriguing insights that warrant further exploration.
State of cyber security at Financial Institutions
The survey yielded some noteworthy observations, some of which are discussed here:
1. IT/Cyber security budget vs. cyber security program maturity
While it is important to have an adequate budget for cyber security, how a program is organised and governed may be equally if not more impactful than how much is spent relative to a company’s overall IT budget or revenue. Indeed, many companies with below-average cyber security budget allocations managed to achieve a high program maturity level, while some that had higher-than-average spending were actually less advanced (see the different cyber security maturity levels in the image below).
Cyber security maturity levels
2. Large vs. small financial service institutions
According to our survey, company size is likely to be a factor in a financial service institution’s cyber security reporting structure. More than one-half of the CISOs responding from smaller companies reported directly to the CEO, which is likely to reflect a flatter organisational structure. At the largest responding companies, the CISO was more likely to report to the CIO, COO, or CRO.
3. Cyber innovation as top priority
When it comes to new investments, survey respondents indicated that innovation and emerging technology are top-of-mind for CISOs, with cloud, data and analytics, and social media topping the list of technology items that warrant attention at the larger firms.
For more information, get the full report here.