A new joint study by Deloitte and the Financial Services Information Sharing and Analysis Center highlights the budget impacts of establishing and maintaining cybersecurity.
There is no greater threat to an organization’s livelihood than a highly publicized and costly cyberattack. Data breaches, data held ransom, and wire fraud can cost organizations millions of dollars in remediation costs – and additional costs stemming from the loss of customers, consumer trust, etc.
So, it’s important for organizations to dedicate an appropriate amount of budget to address cybersecurity concerns. According to the Pursuing Cybersecurity Maturity at Financial Institutions study put out by Deloitte, financial institutions spend a tremendous amount on a per-employee basis ($2300), but it may not be enough.
According to the report, the average spend dedicated to cybersecurity as a percentage of revenue is 0.36%, just 10% of the overall IT budget. This translates to an IT budget (as a percentage of revenue) of just 3.6%.
According to a 2017 Deloitte study, Technology Budgets: From Value Preservation to Value Creation, the Banking and Securities vertical spent 7.16% of revenue on IT. That represents a significant drop in IT (and, therefore, cybersecurity) focus.
Deloitte encourages organizations (financial and otherwise) to work towards an adaptive level of cybersecurity maturity (as defined by NIST) and offers these three characteristics of adaptive organizations:
While financial organizations are spending what appears to be a tremendous amount of budget per employee on cybersecurity, the reality is they need to be doing more to fend off attacks that will do more damage per employee than just $2300.