Financial institutions (FIs) plan to spend 15 percent more protecting their computer networks in 2020 than they spent in 2019, according to a report based on the results of a survey conducted by Deloitte & Touche LLP and the Financial Services Information Sharing and Analysis Center.
The survey examined cybersecurity spending per employee and concluded it increased on average to $2,691 annually from $2,337. It also found that some unnamed FIs expect to spend more than $3,000 per employee this year.
The authors of the report based on the survey wrote: "Over the last few months, the COVID-19 pandemic has forced many companies to accelerate their digitization efforts. As office closures and restricted movement compelled everyone and everything that could go virtual to do so, many institutions had to more fully embrace a digital transformation in operations, distribution and customer engagement.
"This sudden shift, however, has compounded problems for many chief information security officers (CISOs) and cybersecurity teams charged with securing the digital fortress at their firms. Hackers and cyberscammers are trying to take advantage of expanding technology footprints and new attack surfaces, with most employees working remotely."
The World Economic Forum also stated in a late July report that the swift move by companies to digital operations is creating opportunities for cybercriminals.
Bloomberg, working with data contained in the report, calculated that for the biggest banks, which tend to spend more on security than smaller peers, the totals could approach $1 billion annually: roughly $850 million annually for J.P. Morgan Chase and nearly $900 million annually for Wells Fargo. Bloomberg's methodology would have Citigroup and Bank of America spending about $700 million annually each.
The survey was conducted in late 2019 and January 2020 and included 53 participating firms.
Consultancy Accenture found in 2019 that the leading attacks on large organizations that year were malware attacks, web-based attacks and denial-of-service attacks.
