Financial services leaders weigh trade-offs between innovation and security, says LevelBlue
LevelBlue today released its 2024 Futures Report: Cyber Resilience in Financial Services. The findings detail how financial services institutions are approaching cybersecurity and the critical barriers preventing them from achieving cyber resilience.
Cyber resilience is a critical initiative for financial institutions as they balance agility, innovation, and cost efficiency with increasing demands for safeguarding sensitive financial data, maintaining regulatory compliance, and ensuring the continuity of essential services. In the era of dynamic computing and artificial intelligence (AI), organizations are constantly weighing innovation and risk; in fact, 89% of financial services respondents anticipate dynamic computing will enhance operational performance within the next three years but also increase risks.
While dynamic computing presents major opportunities for innovation in the financial services industry, risks increase as businesses favor innovation over resilience, introducing uncertainty that hampers cyber resilience. Despite acknowledging an increased exposure to risks, 82% indicate they can’t assess how an attack might impact their organization, and an additional 75% of respondents believe computing innovation benefits outweigh the cybersecurity risks.
“In today’s fast-moving financial services environment, essential security considerations are often missed,” said Theresa Lanowitz, Chief Evangelist of LevelBlue. “Compounded by the complexities of dynamic computing and an evolving threat landscape, financial institutions are more vulnerable than ever. As they consider new innovations, they must also prioritize cyber resilience by fortifying their defenses, mitigating risks, and ensuring long-term viability.”
Financial services institutions remain susceptible to vulnerabilities in their software and physical supply chains, with 50% of respondents indicating this as a major concern. Additionally, 52% of respondents have little to zero visibility into the IT estate, and that lack of visibility is compounded by new regulations, according to 77% of respondents.
When assessing the critical barriers to cyber resilience planning and cybersecurity budgeting for financial services institutions, the report found that:
- 72% indicate that digital transformation is an ongoing barrier to cybersecurity resilience.
- 69% of financial services respondents believe cybersecurity is an afterthought in their organizations, with another 72% stating efforts are often siloed.
- 66% indicate that cybersecurity resilience initiatives are not sufficiently factored into the organization’s budget. In fact, 85% of financial institutions report budgets are reactive rather than proactive.
- 69% cite a lack of clarity over responsibility as a resilience barrier.
- The adoption of Cybersecurity-as-a-Service (CSaaS) is on the rise, with 34% opting to outsource their cybersecurity needs rather than managing them in-house.
- 62% of financial services respondents reveal there’s a lack of understanding about cybersecurity at the board level.
The LevelBlue Futures Report identifies opportunities for financial services leaders to remove roadblocks and understand where to focus resources for the most significant impact in achieving cyber resilience. Specifically, the report outlines five key steps for cyber resilience: identify the barriers to cyber resilience; be secure by design; align cyber investment with business; build a support ecosystem; and transform cybersecurity strategies.
Download the complete findings of the 2024 LevelBlue Futures Report: Cyber Resilience in Financial Services at this link here. This report follows the May 2024 release of the core 2024 LevelBlue Futures Report found here.
Methodology
The research is based on a quantitative survey that was carried out by FT Longitude in March 2024. There were a total of 1,050 C-suite and senior executives surveyed, across 18 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education). Respondents were employed in a variety of cybersecurity-related roles, with 32% working at C-level and the remainder employed in C-minus one positions. The total number surveyed in financial services is 197.