Financial Industry CISOs: Best in Class
- June 7, 2017
Some of the earliest examples of the digital data breach targeted financial services. That turmoil has led to some positive results for the industry: it’s now become among the best at securing customer information.
A survey published by ServiceNow of 300 Chief Information Security Officers (CISOs) from a range of industries across the U.S., Europe, and Asia shows that 86% of financial services CISOs say they are highly effective at preventing breaches of personal information about customers, compared to 50% of CISOs from other industries.
That confidence stems from robust processes, a focus on securing the best talent in the security field, investment in technology that strengthens data breach response and prevention strategies, and years of refinement due to regulatory obligations and public scrutiny.
Security is a corporate-wide top priority in financial services. For example, 78% of financial sector CISOs polled cite data and information security threats as top-line business issues, compared to just 28% of CISOs from other industries. CISOs in the financial industry also say more of their company’s technology budget is dedicated to security: over two-thirds say more than 11% of the technology budget is spent on security, compared to one-quarter of other CISOs.
That means CISOs in financial firms have C-Suite partners who understand that security can’t be pushed off into a silo and ignored. Departments need to work together to ensure the security function is operating at its peak level, or else the entire company’s reputation, earnings, and operations are at risk. The average total cost of a data breach has grown to $4 million, according to the Ponemon Institute.
Financial sector CISOs understand these risks better than others. They are about twice as likely to say breaches of personal information pose a serious danger to their company’s brand – 98% versus 56%.
As a result, financial sector CISOs are more focused on emerging technologies that can improve their function’s performance, including better managing the onslaught of breaches that happen in a single day. For example, 72% are investing heavily in big data and analytics versus 59% of all others; 38% are investing heavily in artificial intelligence versus 23% of others; and 30% of financial sector CISOs are investing heavily in augmented reality and virtual reality versus 12% of CISOs from other fields. In addition, CISOs in the financial industry have already automated almost one-half of security tasks compared to about 36% of tasks being automated in other industries.
However, CISOs in the financial industry cannot rest on their laurels.
Hackers are becoming increasingly dangerous and companies must constantly innovate processes to stay ahead. Last year, one in every 131 emails contained malware, which was the highest rate in five years. Business email compromise scams targeted more than 400 businesses every day and drained $3 billion over the last three years.
Moving forward, the financial industry needs to automate more sophisticated tasks and decisions so that the experts it employs can focus their time on the most important vulnerabilities and threats, instead of blocking malware emails. This is especially critical given the deficit of skilled security experts. Estimates say that more than 1 million security jobs are currently vacant.
Keeping data safe is a challenge across industries, but as financial customers demand more mobile and responsive services and products, the risk of data breaches rises. Financial industry CISOs must keep their advantage.