Financial Firms Spend Up to $3,000 Per Employee on Cybersecurity
(Bloomberg) — Big banks and other financial firms spend as much as $3,000 per employee to defend computer networks from cyber criminals, a survey found, as the industry remains the primary target of such attacks.
That would translate to about $750 million annually for JPMorgan Chase & Co. and HSBC Holdings Plc each, based on their 2018 headcount figures. For Bank of America Corp. and Citigroup Inc. it would mean some $600 million each.
Some of the largest banks tripled cyber-defense budgets in the last three to four years amid a surge of attacks on client information, accounts and other data. The finance sector was the focus of 19 percent of all attacks monitored by International Business Machines Corp. last year, the technology firm said in a February report. Spending more on security doesn’t necessarily translate to better defenses, Deloitte said.
“Money alone is not the answer,” said Julie Bernard, a principal in Deloitte’s cyber-risk division. “How a security program is planned, executed and governed is as important, if not more.”
The survey was conducted by Deloitte and the Financial Services Information Sharing and Analysis Center from October to November. The average cybersecurity outlay was $2,300 per worker for the 96 financial firms that took part.