Deloitte and FS-ISAC survey reveals why firms may need to prioritize and reinvest in cyber protection programs

Reshaping the cybersecurity landscape

Cybersecurity for financial institutions was critical before COVID-19 hit—and likely even more so now. This year’s Deloitte and FS-ISAC survey reveals why firms may need to prioritize and reinvest in cyber protection programs.

While this survey was conducted pre-pandemic (the last responses came in January), it contains some valuable findings for your back pocket: Those surveyed spent about $2,700 on average per full-time employee on cybersecurity, up from about $2,300 last year. All told, this translates to about 10.9% of a financial institution’s IT budget going to cybersecurity on average, up from 10.1% a year earlier. Cyber monitoring and operations, endpoint and network security, and identity and access management collectively received more than 50% of the spending pie.

The report also delves into the changes since the pandemic hit, noting that “the challenges presented by the current operating environment are vast” and that it’s “time to double down on cybersecurity.”

  • “Cybersecurity organizations will need to quickly adapt to this new operating environment by implementing enhanced controls and endpoint protection technologies to exert greater control over end-user devices.”
  • “At the same time, with lines blurring among employees, customers, contractors, and partners/vendors in general, firms should consider implementing ‘zero trust’ principles for access since the organization’s perimeter is essentially gone. This means every transaction involving flow of data, whether it be through networks, applications, users, devices, or workloads, is controlled for least privileged access.”
  • “Companies should also digitally enable their cyber function to improve agility and automation. Weaving security-by-design principles into IT service development and embedding cybersecurity requirements into the architecture and design stages of the software development lifecycle could help companies get ahead of evolving threats.”