Over the last decade, the financial services industry has changed radically, moving from trying to manage an aging and costly infrastructure to fully embracing digital transformation. This shift, however, has put the industry’s cybersecurity in the spotlight, given both the damage that an intrusion can inflict and heightened public and regulatory expectations regarding security and privacy.
In order to assess the current state and direction of cybersecurity at organizations around the world, Protiviti co-sponsored a global survey of 1,300 C-suite executives and their direct reports, which was supplemented with in-depth interviews with 18 CISOs and cybersecurity experts and input from an advisory board of executives from a range of industries. The survey, The Cybersecurity Imperative, paints a detailed picture of how senior business leaders are thinking about threats and implementing security best practices.
From this research, we have extracted the data for the 300 financial services executives who participated, representing a wide range of institution types and regions. In this paper, we focus on how financial services firms are progressing in their implementation of the NIST Cybersecurity Framework, trends and projections regarding threats and countertactics, and ways in which cybersecurity is supported by policies, organizational structure and interactions with other functions. We conclude with recommendations firms can use to help strengthen their cybersecurity practices.