According to the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium dedicated to reducing cyber-risk in the global financial system, several CISOs have decided to ask the CFOs of various financial institutions for an increase in cybersecurity investment. As stated by the CEO of FS-ISAC, Steve Silberstein,
“The advancement and adoption of new technologies coupled with increased geopolitical tension has fueled a rapidly evolving cyber threat landscape.”
He further added that an effective cybersecurity program needs to adapt to this environment, and that funding must be deemed a cross-functional investment.
The results of a successfully conducted survey show that 56 percent of the participants claimed to have 10 percent or less of their organization's budget for cybersecurity. Within that 10 percent, a majority of them listed IT infrastructure and asset management as the department with the highest budget.
The low-funding departments are employee training and education, vendor management, and business continuity.
“Institutions are now finding vulnerabilities across other functions of the business with employees and third-party vendors becoming areas of increasing concern,” said Silberstein. “A holistic approach to cyber is critical to mitigating current and long-term risks.”
Key factors discovered
- Out of the total cybersecurity budget, 27 respondents reported that the departments receiving the most funding were regulatory requirements, risk management, and governance.
- Almost seventy-one percent of organizations claimed to check their incident response plan throughout the whole institution at least once a year, while twenty-one percent revealed that they only did it within the IT environment.
- Seventeen percent of participants said that they will seek an increase in the cybersecurity budget by 2021.