Bank of America spends $1 billion per year on cybersecurity

The Bank of America CEO Brian Moynihan says the company has ramped its cybersecurity spending to over $1 billion a year, in a new interview.

The Bank of America CEO Brian Moynihan says that the company has ramped its cybersecurity spending to over $1 billion a year.

The company’s centralised global information-security unit has boosted spending in recent years to bolster cyber defences after seeing a jump in threats amid the pandemic.

Speaking to CNBC, Moynihan said: "I became CEO 11 and a half years ago, and we probably spent three to $400m per year on cybersecurity, we’re up over a billion now.

"The institutions around us, other institutions and my peers, spend like amounts, and our contracting parties spend like amounts. In other words there’s a lot of money being spent on this and I think one of the things our industry has done a great job of is work together," he added.

The lender is constantly assessing threats from individuals, groups and governments, and is also scanning the horizon to protect itself against an “Armageddon scenario”, its Chief Operations and Technology Officer, Cathy Bessant, said in an earlier press briefing.

Bessant gave a stark warning about cyberattacks on US financial institutions saying: “There’s no question that the rate and pace of attacks, and the nature of attacks, has grown dramatically.”

“Criminals are by definition very crafty, very entrepreneurial – and times of stress produce opportunities,” she added.

Deloitte survey 

In a recent Deloitte survey of finance executives, 64% said they expect to see cybersecurity budgets keep rising.

The Deloitte and FS-ISAC survey revealed that firms need to prioritise and reinvest in cyber protection programmes. 

For the last three years, respondents identified rapid IT changes and rising complexities as their No. 1 cybersecurity challenge. To help effectively mitigate emerging cyber risks, companies should consider digitally enabling the cyber function within the broader IT service development process, according to the survey. Adopting “security by design” principles during technology development could also help financial institutions create more secure products.

The survey also found that cybersecurity is often included as part of the IT function, and CISOs typically report to the CIO or CTO at their firms, this reflects the need for close integration of cybersecurity and IT. At the same time, financial institutions may want to retain a certain level of independence for cybersecurity, which could help ensure risk management decisions are not overshadowed by IT constraints.

Respondents cited emerging technologies such as cloud, data analytics, and robotic process automation as top cybersecurity investment priorities. Access control, protective technology, and data security were emphasised as rationales.




Featured Articles

Gartner unveils top cybersecurity predictions for 2023-2024

Half of CISOs will formally adopt human-centric design practices into their cybersecurity programmes, while adoption of zero trust architecture will rise

DDoS protection market to grow amid increase in attacks

According to research by Cloudflare, DDoS attacks increased by 109% last year, with the last 12 months seeing some of the largest attacks the world

The impact data poisoning has on cyber and AI

We take a look at why the risks of data and AI poisoning is continuing to wreak havoc on the cybersecurity industry

Five innovative ways AI can help prevent cyber attacks

Cyber Security

SailPoint delivers new non-employee risk management solution

Cyber Security

Akamai shares details of Asia’s record-breaking DDoS attack

Network Security