Insufficient funding is often cited as a primary barrier to robust information security. But that isn’t the case for New York state’s banking institutions.
The majority of the banks — 77 percent — have seen their information security budgets increase in the past three years, according to a recent survey of 154 institutions by the New York State Department of Financial Services (DFS). Another 18 percent of the banks reported that their budgets have remained the same, and “[a]lmost no institutions reported a decrease in spending in the past three years.”
Nearly 80 percent of New York’s banks reported that spending is expected to increase at least through 2017. Compliance and regulatory requirements, business continuity and disaster recovery as well as reputational risk are the key drivers that are expected to boost funding. Increased security funding for the state’s banks could mean good news for budding professionals.
“The vast majority of banks — large and small — are planning to ramp up their cyber security spending in the coming years, which could represent a key opportunity for job growth and economic development in New York," according to a press release on the report.
Organizations such as the National Association of State Chief Information Officers have urged states not to overlook their cybersecurity risks and to allocate adequate security funding, especially as new administrations come on board. Compared to the private sector, state governments spend less on information security.
The increasing sophistication of security threats and emerging technologies were cited as primary barriers to information security, the survey noted. Fewer than 10 percent of the state’s banks cited insufficient funding as a major challenge. Most of the surveyed institutions have experienced actual or attempted intrusions into their IT systems over the past three years.
In early May, Cuomo announced DFS will regularly conduct new, targeted cybersecurity preparedness assessments of all banks that it regulates. The revised assessments will provide greater details about banks’ IT management and governance, incident response measures and disaster recovery capabilities.