Inside JPMorgan’s Half-Billion Dollar Cybersecurity Bet

Back in August we learned that JPMorgan Chase had plans to double its cybersecurity spending budget to about $500 million by 2016.

That move followed remarks from CEO Jamie Dimon after the 2014 security breach that led the chief executive to announce the bank’s plans to invest more in cybersecurity efforts over the next four to five years. Dimon said last year that the company needed to stay vigilant as cybersecurity issues were enduring in nature and would continue to happen over a long time. He also vowed to quickly address the loopholes that led to the cyberattack.

The investigation led by the bank found that the attackers deleted or altered server logs that would have helped investigators trace the movements of the hackers inside the bank network. It was concluded that the data theft was a state-sponsored act or some group trained by a foreign government as the hackers didn’t aim to get the easily marketable data but rather lingered on the servers exploring the weaknesses — an act that wouldn’t be valuable to ordinary criminals, sources suggested.

Now, fast forward to 2016 and those plans are coming into place. Per details revealed through JPMorgan’s quarterly report (officially filed last fall), Forbes details what exactly that report shows about the bank’s decision to bulk up its cybersecurity spending. This, however, still has JPMorgan’s legal team wondering if the $500 million is enough.

“JPMorgan is going to spend a half-billion dollars on security this year, and we still feel challenged,” said Andy Cadel, general counsel, IP and data protection for the bank, during a recent conference.

So what does that spending report entail? Managing cyber risks, to start. Two points detailed include:

  • Ability of the Firm to maintain the security of its financial, accounting, technology, data processing and other operating systems and facilities.
  • Ability of the Firm to effectively defend itself against cyberattacks and other attempts by unauthorized parties to access the Firm’s information or disrupt its systems.

As the Forbes piece points out, there’s plenty of industry support as to why JPMorgan is banking so much cash into cybersecurity. To start, it cites Infosecurity Magazine, which details how financial services firms are impacted by these types of incidents 300 times more than other businesses.

And then there’s data from the Depository Trust & Clearing Corporation, which, according to the report, announced in 2015 that the number of security incidents has caused its cybersecurity rating to nearly double in just a year’s time across the financial markets. Those respondents specifically noted the growth in the “frequency and sophistication of cyberattacks.”

But JPMorgan isn’t alone in its investment. According to a report from the Homeland Security Research Corp., the 2015 U.S. financial services cybersecurity market reached $9.5 billion in 2015. Forbes notes that amount makes the industry the largest in the cybersecurity market that’s non-government related.