Financial Services Cybersecurity Spending War
You’re probably not spending enough on cybersecurity. That’s the message some big banks are demonstrating as they lift the cap on budgets to prevent cybercrime attacks from hackers.
Bank of America Corp. CEO Brian Moynihan was quoted in Forbes saying the company “would spend $400 million on cybersecurity… [and that] the only place in the company that didn’t have a budget constraint was cybersecurity.” J.P. Morgan Chase & Co. followed a similar spending pattern, doubling its cybersecurity budget from $250 million to $500 million. Citibank’s IT security budget reportedly tops $300 million with reports that Wells Fargo spends roughly $250 million a year on cybersecurity.
Research by BAE Systems Applied Intelligence showed that U.S. firms in industries such as banking, technology, law, and mining were spending up to 15 percent of their entire IT budgets on security in 2014. Why? More than 80 percent of survey respondents expected the number of cyberattacks to rise. Concerns over the loss of customer data ranked as the companies’ greatest concern, followed by the loss of trade secrets, reputational damage, and service interruption.
Those numbers are only increasing. Worldwide spending on information security will reach $75 billion for 2015, an increase of 4.7% over 2014, according to the latest forecast from Gartner released in September 2015. The analyst firm said that the increase in spending is driven by government initiatives, increased legislation and high-profile data breaches.
Financial Services at Most Risk?
The industries most affected by security breaches are public, information, and financial services according to the Verizon 2015 Data Breach Investigation Report. The company’s take on the results? “No industry is immune to security failures. Don’t let a “that won’t happen to me because I’m too X” attitude catch you napping.”
Infosecurity Magazine said that financial services firms are hit by security incidents a staggering 300 times more frequently than businesses in other industries–which is natural, since that’s where the money is.
As a top target for hackers, financial services firms are clearly putting money where their most precious resources are. Steve Morgan says that “BoA does the best job at summing it all up. There really are no spending limits when it comes to battling cybercrime. Is there any company or federal agency out there who won’t come up with the money – even if it exceeds their co-called cybersecurity budget – to clean up after a major breach? Cybersecurity spending is a moving target, just like the cyber criminals.”
Financial Services companies are entrusted with their corporate clients’ confidential information and their consumers’ personal information. Protecting against cybercrime needs to be a top priority with the budget to support. The industry is listening, and all signs show that they are spending more. But are financial institutions throwing good money after bad? What are some ways Financial Services can better protect against outside and insider threats?
Creating a ‘Segment of One’ between the users and the network resources they are entitled to access is an essential step. Typically, network access should be proportional to the security context the user presents at the time. The more benign context they present, such as physical presence on a company network, one-time-passwords, or certificates, the more network resources they can access. Ultimately, each user’s network access entitlements are dynamically altered based on identity, device, location, network, and application sensitivity, driven by easily configured policies. By aligning network access with application access, users remain fully productive, while the attack surface area is dramatically reduced.
Explore how this works by downloading the whitepaper Dynamic, Policy-Based Access Control with AppGate XDP.