Big banks and other financial firms spend as much as $3,000 per employee to defend computer networks from cybercriminals, a survey found, as the industry remains the primary target of such attacks.
That would translate to about $750 million annually for JPMorgan Chase and HSBC each, based on their 2018 headcount figures. For Bank of America and Citigroup. it would mean some $600 million each.
Some of the largest banks tripled cyberdefense budgets in the last three to four years amid a surge of attacks on client information, accounts and other data. The finance sector was the focus of 19% of all attacks monitored by IBM last year, the technology firm said in a February report. Spending more on security doesn't necessarily translate to better defenses, Deloitte said.
"Money alone is not the answer," said Julie Bernard, a principal in Deloitte's cyber-risk division. "How a security program is planned, executed and governed is as important, if not more."
The survey was conducted by Deloitte and the Financial Services Information Sharing and Analysis Center from October to November. The average cybersecurity outlay was $2,300 per worker for the 96 financial firms that took part.
