How Much Do Banks Spend on Cybersecurity? (Research)

Going to the bank no longer entails actually going to the bank. With features such as mobile check cashing, direct deposit, and app-based investing, many banks can handle all of their clients’ needs 100% remotely. However, with this increasingly online approach, the threat of cybercrime is undoubtedly on the rise. Exactly how much do banks spend on cybersecurity?

Most banks will spend at least 10% of their total budget on cybersecurity. For large institutions, such as Bank of America, this represents a figure well over $1 billion.

Although spending on cybersecurity will vary between institutions, there is no doubt that cybersecurity is an increasing cost for banks. With financial institutions 300X more likely than other online enterprises to be targeted in a cyberattack, banks must do their due diligence to keep customers safe as we head into 2022. Read on to find out all you need to know about bank spending on cybersecurity.


How Much Do Banks Spend for Cybersecurity?

Banks will typically spend around 10% of their entire budget on cybersecurity. For Bank of America, this represented an eye-popping figure in excess of $1 billion in the last year.

While not all banks will shell out such a lofty sum for cybersecurity, statistics reveal that spending on cybersecurity will represent between 6% and 14% of all banks’ budgets. 

How Banks Spend on Cybersecurity

You may think that spending on cybersecurity simply means beefing up the IT team.

Yes, salaries for top-notch IT professionals are a significant part of many banks’ budgets. However, they are far from the only expense institutions face as hackers become more sophisticated with their fileless attacks, which render most reactive software programs impotent.

Therefore, the following breakdown looks at some of the ways banks are spending on cybersecurity as we head into 2022. 

Employee Education

Cybercriminals continue to come up with sophisticated ways to get insider access to a banking network. The easiest way to achieve this is through the employees themselves.

An employee does not have to go rogue for a cybercrime to be put into action. Hackers can simply detect a weakness and use employee negligence to garner employee credentials, allowing them to wreak havoc in the network.

As a result, banks are spending like never before on employee education and training programs. These training efforts:

  • Teach employees to identify all potential threats and take steps to prevent cyberattacks
  • Teach employees how to appropriately handle customer data
  • Teach employees how to properly identify a security breach
  • Empower employees to take action in the event that a breach is identified

Third Party Audits

Seemingly minor vulnerabilities pose the greatest threat to cybersecurity, as hackers look for the smallest points of daylight to spread their dark designs.

Unfortunately, many minor threats go unrecognized by IT teams and software programs that are used to the status quo of the network.

Therefore, banks are having to spend a greater portion of their budget on bringing in third-party auditors to test the integrity of their networks.

These auditors are trained to think like hackers, looking for any potential vulnerabilities to gain access to user information. Some specific things these auditors will look for include:

  • Misconfigured systems
  • Missing security rules
  • Outdated extensions
  • Development bugs
  • Slow or lagging systems

By identifying any of these areas ahead of time, regular audits can help you keep your system ahead of any future breaches. 

Invest in Zero-Trust Networks

The current trend in cybersecurity is prevention, not reaction.

Employee education and third party audits are two important aspects of this trend. However, the establishment of a zero-trust banking network is the true key.

Zero-trust security means that no one from inside or outside the network is inherently trusted. This means that for every step of a party’s journey through the network, some type of credential will be required for further access.

This differs from the traditional castle-and-moat approach to cybersecurity. In this outdated approach, anyone outside the network faced extreme difficulty getting in, but once inside, they had free rein.

As technology has evolved, and cloud computing has become an integral part of banking, the castle-and-moat approach no longer makes sense. Therefore, banks are spending like never before to establish a zero-trust network.
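
The contrast between the two models can be shown in a few lines. The sketch below is an added example, not code from the original article: it compares a castle-and-moat check with a zero-trust check in which every request must carry a short-lived credential bound to one resource. The key, policy, subject and resource names are all constructed for illustration.

```python
import hashlib
import hmac
import time

SIGNING_KEY = b"constructed-demo-key"      # constructed; a real key lives in an HSM/KMS
POLICY = {"teller-17": {"accounts:read"}}  # constructed least-privilege policy

def perimeter_allows(session, resource):
    """Castle-and-moat: one check at the edge, then every resource is reachable."""
    return session.get("inside_network", False)

def issue_token(subject, resource, ttl=60, now=None):
    """Mint a short-lived credential bound to one subject and one resource."""
    if resource not in POLICY.get(subject, set()):
        raise PermissionError(f"{subject} is not entitled to {resource}")
    expires = int((now if now is not None else time.time()) + ttl)
    msg = f"{subject}|{resource}|{expires}".encode()
    sig = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    return f"{subject}|{resource}|{expires}|{sig}"

def zero_trust_allows(token, resource, now=None):
    """Zero trust: every hop re-verifies signature, scope and freshness."""
    try:
        subject, scope, expires, sig = token.split("|")
        expires = int(expires)
    except (AttributeError, ValueError):
        return False                       # malformed or missing credential
    msg = f"{subject}|{scope}|{expires}".encode()
    expected = hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False                       # forged or tampered token
    if scope != resource:
        return False                       # valid token, wrong resource
    return (now if now is not None else time.time()) < expires

def demo():
    """Same compromised insider session, evaluated under both models."""
    stolen_session = {"inside_network": True}
    token = issue_token("teller-17", "accounts:read", ttl=60, now=1000)
    return {
        "perimeter_wire_transfer": perimeter_allows(stolen_session, "wires:send"),
        "zt_accounts_read": zero_trust_allows(token, "accounts:read", now=1010),
        "zt_wire_transfer": zero_trust_allows(token, "wires:send", now=1010),
        "zt_expired": zero_trust_allows(token, "accounts:read", now=2000),
    }

if __name__ == "__main__":
    print(demo())
```

Under the perimeter model the session that is already inside reaches the wire-transfer resource; under zero trust the same party is limited to the one resource its credential names, and only until that credential expires.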

Why Banks Spend on Cybersecurity

The average security breach is said to cost banks about $8.94 million to rectify. As if this direct cost is not enough in and of itself, there are a number of other ways that cybercrimes can negatively impact a bank’s bottom line:

  • Customer loss – when fraudulent charges appear on a customer’s account, it is the bank’s responsibility to recover them. This is easier said than done in some cases, with the bank potentially forced to eat the charges to make things right with the customer
  • Customer data – once customer data has been stolen, it can set off a domino-like effect. The information is sold on the dark web, putting other customer accounts at risk. Customers may be permanently locked out of their accounts, ending their relationship with the bank if the breach is severe enough
  • Reputation – not only will the violated customer be increasingly likely to defect following a security breach, but it may be difficult to attract new clients. Word of cybercrimes spreads quickly in this day and age, and the bank may have to spend liberally on brand management to regain its reputation with the public
  • FDIC compliance – cybersecurity is one of the most important aspects for modern banks to ensure compliance with the FDIC. As a result, even if a breach never occurs, fines and penalties for insufficient cybersecurity can take a financial toll on banking institutions

The Bottom Line: How Much Do Banks Spend on Cybersecurity

Banks will spend roughly 10% of their total budget. For large institutions, this may represent a dollar value over $1 billion.

While cybersecurity spending is not set at a specific figure for all banks, there is no doubt that the cost of cybersecurity is increasing as we head into 2022, as hackers develop sophisticated, fileless techniques of breaching networks.

Therefore, increased spending on prevention, such as employee education, third party audits, and zero-trust networks, will continue as the banking landscape becomes increasingly remote.
