Survey: Bank Cyber Risk Management Increasingly Part of IT Function

Cybersecurity in the financial sector is becoming more integrated with the IT function, according to a survey of chief information security officers released recently by Deloitte and the Financial Services Information Sharing and Analysis Center. Fifty-six percent said the cybersecurity function is part of the IT organization, up from 44% in 2019; just 8% said that IT and cyber are completely separated, down from 22% in 2019. In another expression of this alignment, 62% of CISOs report to chief information officers or chief technology officers, up from 20% in 2018.

Cybersecurity continued to grow as a share of financial-sector IT expenses, rising from 10.1% in 2019 to 10.9% in 2020. Cyber spending also grew relative to headcount, rising from $2,337 to $2,691 per full-time employee (FTE). Budget allocations remained consistent for the most part, although identity and access management grew from 11% in 2018 to 16% in 2020.

The survey, which was conducted prior to the outbreak of COVID-19 in the United States, also analyzed the biggest challenges, major products affected by cybersecurity and top digital priorities for CISOs, although the report noted that many of these are likely to have changed in the post-coronavirus environment.