Bank of America spends $1 billion per year on cybersecurity
The Bank of America CEO Brian Moynihan says that the company has ramped its cybersecurity spending to over $1 billion a year.
The company’s centralised global information-security unit has boosted spending in recent years to bolster cyber defences after seeing a jump in threats amid the pandemic.
Speaking to CNBC, Moynihan said: "I became CEO 11 and a half years ago, and we probably spent three to $400m per year on cybersecurity, we’re up over a billion now.
"The institutions around us, other institutions and my peers, spend like amounts, and our contracting parties spend like amounts. In other words there’s a lot of money being spent on this and I think one of the things our industry has done a great job of is work together," he added.
The lender is constantly assessing threats from individuals, groups and governments, and is also scanning the horizon to protect itself against an “Armageddon scenario”, its Chief Operations and Technology Officer, Cathy Bessant, said in an earlier press briefing.
Bessant gave a stark warning about cyberattacks on US financial institutions saying: “There’s no question that the rate and pace of attacks, and the nature of attacks, has grown dramatically.”
“Criminals are by definition very crafty, very entrepreneurial – and times of stress produce opportunities,” she added.
In a recent Deloitte survey of finance executives, 64% said they expect to see cybersecurity budgets keep rising.
The Deloitte and FS-ISAC survey revealed that firms need to prioritise and reinvest in cyber protection programmes.
For the last three years, respondents identified rapid IT changes and rising complexities as their No. 1 cybersecurity challenge. To help effectively mitigate emerging cyber risks, companies should consider digitally enabling the cyber function within the broader IT service development process, according to the survey. Adopting “security by design” principles during technology development could also help financial institutions create more secure products.
The survey also found that cybersecurity is often included as part of the IT function, and CISOs typically report to the CIO or CTO at their firms, this reflects the need for close integration of cybersecurity and IT. At the same time, financial institutions may want to retain a certain level of independence for cybersecurity, which could help ensure risk management decisions are not overshadowed by IT constraints.
Respondents cited emerging technologies such as cloud, data analytics, and robotic process automation as top cybersecurity investment priorities. Access control, protective technology, and data security were emphasised as rationales.