Financial institutions' cybersecurity has always been important for protecting their clients' private information and data. With COVID-19, their cybersecurity is even more critical than before. With more people working from home, institutions need to invest more money in their cybersecurity to ensure the client information the company works with remains safe. As a result, many organizations have started to ramp up the digitization of their company's network.
According to a survey from Deloitte, survey respondents reported that they have increased their spending in cybersecurity – focusing primarily on “identity and access management, cyber monitoring and operations, and endpoint and network security.”
Digitization and COVID-19
With technology advancing, many financial institutions have steadily shifted their work and data to digital storage. Both large and small financial companies have gone digital to meet the efficiency needs and increasing expectations of their customers. Financial institutions have been gradually moving to digitization based on factors within each organization, including but not limited to readiness for change, agility, and size.
However, COVID-19 has forced companies to accelerate their digitization because employees needed to work from home. Office closures and restricted movements have led to virtual work. As a result, many institutions needed to shift to digital work in operations, distribution, and customer engagement.
As the shift took place, however, many problems arose that chief information security officers (CISOs) and cybersecurity teams have had to deal with. Hackers and cyber scammers have taken advantage of companies expanding their digital footprints because it has opened new surfaces from which to launch a cyber attack.
Combating Cybersecurity Threats
While employees can implement security measures in their own homes, companies still need to increase their cybersecurity function to keep up with digitization and the transformation to remote work. Over the past three years, the importance and prioritization of cybersecurity have only continued to grow. In particular, financial institutions have allocated more resources, increased board investments, and made investments that are more aligned with IT security practices.
Financial Institutions' Cybersecurity Programs
Deloitte's annual survey explored how financial organizations have structured and managed their cybersecurity programs. This includes their organization models, spending patterns, outsourcing options, and investment policies. The survey also identified cyber risk management trends and future implications for the firms' cybersecurity.
As a result of COVID-19, financial institutions have had to increase their cybersecurity budget. This was to ensure the cyber risk would remain at a manageable level. With the increased demand for cybersecurity, cybersecurity spending has also risen to reallocate resources into the institutions’ cybersecurity program. Deloitte’s survey found that respondents spent 10.9% of their IT budget on cybersecurity – higher than the 10.1% from the previous year. This increase in spending is caused by the increase in the average annual cost of cybersecurity since the start of the pandemic.
Despite the increase in cybersecurity spending, the budget allocation within cybersecurity has been consistent in the three years Deloitte has been analyzing the yearly survey.
Increased Interest in Cybersecurity
The increased spending in cybersecurity is also because of the heightened interest board members have in cybersecurity. CISOs have been able to refine cybersecurity's value proposition, which has increased board engagement in cybersecurity.
With the increased interest in cybersecurity, companies could bring focus to the importance of cybersecurity. This resulted in the increased spending in cybersecurity to meet the concerns of board members.
Deloitte's survey found that companies with board members who were more engaged in the cybersecurity practice have a higher cybersecurity maturity. This highlights the importance of convincing board members of the cybersecurity concerns facing the organization.
Cybersecurity and IT
Each organization manages and operates its cybersecurity program differently. The structure, reporting lines, and focus areas are dependent on each company's priorities. As a result, many financial institutions have adopted a mix-and-match approach to their cybersecurity strategy after evaluating their business objectives.
As companies have become more digital, financial firms have linked their cybersecurity program to their information technology (IT) department. This can be seen in 2020, when 56% of respondents believed that the “cybersecurity function is part of the IT organization.”
The close alignment of the cybersecurity and IT functions has helped financial institutions better position themselves when facing cyber risks. With the help of IT partners, the companies were able to operate in a faster and more effective manner.
While cybersecurity and IT are interrelated, everyone in the organization is responsible for following good cybersecurity practices. This is because hackers can take advantage of any vulnerability in the organization. This includes employees not involved in IT who have access to the organization's network.
Therefore, enforcing safe cybersecurity practices is crucial. This includes educating employees about cyber threats such as insider threats, social engineering, malware attacks, or bad password practices. As long as employees are cautious with their actions, your organization can easily avoid many of these cyber threats.
Business Values of Cybersecurity
Cybersecurity programs should demonstrate value to the business. They should align with the business objectives and help the organization grow by ensuring everything operates smoothly. To ensure top management understands and appreciates the value of cybersecurity, CISOs focus on the following:
- Align with company focus: CISOs ensure the cybersecurity capabilities meet technology strategies and business objectives.
- Address external considerations: Meeting regulatory requirements and reacting to natural disaster events is necessary to ensure the organization runs properly even when facing external factors and influence.
- Support talent/employees: People are one of the crucial fundamentals of cybersecurity. This emphasizes the importance of people practicing and being aware of safe cybersecurity methods.
Focusing on these factors ensures the organization understands how cybersecurity influences the business. By emphasizing the importance of these factors, CISOs can convince top management to enable and implement more or better cybersecurity practices.