Recipe for Disaster: FinServ Underspends on Cybersecurity as Emerging Tech Risks Multiply
It's just a matter of time before the next cyberattack!
Do you think that your financial service (Finserv) provider faithfully guards your digital accounts and itself from cyberattacks? Think again.
Seventy percent of those surveyed by McKinsey acknowledge that they are underspending on cybersecurity!
So why are they underspending at a time when they are adopting emerging technology that multiplies risks? Could it be regulatory compliance? Answer below!
Meanwhile, Finserv is spending big on cloud and edge computing, applied AI, next-gen software development, trust architectures, and digital ID.
These are all transformational technologies, but each comes with a new set of cyber risks that no one can fully predict or prevent.
It’s just a matter of time before some unwitting finserv has a major cyber breach!
👉TAKEAWAYS
🔹 Companies recognize critical underinvestment in cybersecurity.
🔹 Seventy percent of the survey respondents believe they are underspending and should spend more.
🔹 Not one organization reported overspending.
🔹 A majority of companies said that increased spending of at least 20 percent is required.
🔹 New technologies will increase that 20 percent figure considerably!
🔹 Finserv companies devote 13 percent of their IT budget to cybersecurity.
McKinsey proposes four critical questions as a foundation for action, but if this is all they’ve got, I don’t see how they can charge clients big bucks!
🔹 Do we have the right technology priorities, and are they aligned with our security capabilities?
🔹 Do we have the right metrics and reporting?
🔹 Are we investing in the right things?
🔹 Do we have the right talent and technology to close capability gaps?
Finserv makes a critical error in seeing regulation as the driver of cybersecurity. This is what I like to call a “recipe for disaster.”
👊STRAIGHT TALK👊
So why aren’t finserv companies spending on cybersecurity?
Interestingly, the problem lies in a fixation on regulatory compliance. Finserv uses regulatory compliance as the primary driver for their cybersecurity programs (see chart).
If that sounds like a recipe for disaster, it is. Regulators cannot possibly keep up with or know the interrelationships between new technologies.
Finservs waiting for regulators to tell them what to do with cybersecurity on new technologies are courting disaster.
McKinsey tactfully states: “Companies should approach compliance as the minimum baseline of expectations rather than the aspirational goal.”
In reality, with new technologies like GenAI, regulations don’t even provide a minimum baseline.
This means that finserv should not just increase cybersecurity spending but figure out what the risks really are without relying on regulators telling them what to do.
Watch as a finserv claims that it was 100% compliant with regulations after cyberattacks crippled its systems!
Thoughts?
One thing to learn from this chart is NEVER say it can’t happen to your company!