Money isn’t everything when it comes to bolstering cybersecurity at financial institutions. Indeed, the most advanced risk managers in financial services aren’t necessarily those who spend the most. Instead, cybersecurity planning, execution, and governance are more likely to be the key differentiators in terms of maturity.
That was one of the main takeaways from our analysis of the second annual survey of chief information security officers (CISOs) at banks, insurance companies, investment management firms, and other industry players, conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC), working in conjunction with Deloitte Cyber Risk Services.
The survey found a wide range of cybersecurity spending among survey respondents, whether comparing companies by size (based on revenue), industry sector, or risk management maturity level. But more importantly, we were able to identify several core traits of those that have reached the highest maturity level as defined by the National Institute of Standards and Technology (NIST).
It stands to reason that organizations that can integrate these fundamental elements and follow the example set by leading cybersecurity programs are more likely to become effective risk managers and remain at the top of their game in the face of an ever-evolving threat landscape.
Continue reading >>