GRCCPE Team

Why Cutting Cybersecurity Budget is a Dangerous Game for Financial Institutions

The recent ransomware attack on Ion trading group that took down their derivatives platform for a week highlights the devastating consequences of cyberattacks on financial institutions. The fallout on clients, reputation, and the cost of recovery are just a few of the factors that businesses need to consider in the aftermath of such incidents.

As cyber threats continue to grow, financial institutions are faced with the challenge of balancing cybersecurity budgets against the need for cost-cutting measures. However, cutting cybersecurity budgets in the short-term is a dangerous game that can result in long-term risks.

The Bank of England recently reported that cybersecurity is the number one risk for financial institutions. The impact of remote working has led to a rise in ransomware hacks, while a surge of DDoS attacks linked to the Russian war on Ukraine has all contributed to an increasingly threatening cyber landscape.

However, as cyber complexity rises, we are also seeing a trend of “brutal” job cuts across the sector, threatening vital roles in already-stretched cybersecurity teams. Cost-cutting is being cited as the driver behind a growing number of security leaders and engineers being cut from headcounts.

This is a very dangerous tactic that can have long-term consequences. Firing staff in the short term will make re-hiring much harder. Reputation as an employer is damaged easily, especially within cybersecurity, which is a close community. Moreover, cyber teams are already struggling, and as cuts are made, the remaining team is left to pick up the slack - doing even more with even less.

According to the Information Systems Security Association (ISSA), over half of organizations are being impacted by a lack of cybersecurity skills, with the result being an excessive workload for existing talent. Nearly four in ten cybersecurity professionals say they have experienced burnout due to the pressures of increasing risks and lack of support. When teams are understaffed and burnt out, cyber risk only increases, which can have devastating consequences for individuals and organizations alike.

Rather than shrinking cyber teams, financial institutions should consider investment in strategies and tools to support them. Working with managed security partners can remove the burden of identifying and mitigating risk and reduce the attack surface, securing data, applications, systems, and devices at all times. With real-time threat intelligence utilizing AI and ML, such partners free in-house cybersecurity teams to focus on supporting broader, strategic initiatives.As financial institutions undertake rapid digital transformation, from online trading to mobile banking, digital currencies and app proliferation, the need for cybersecurity becomes more critical. With increasing regulatory requirements and soaring customer expectations, the need for transformation and innovation to be built on a secure base is fundamental.

In conclusion, short-term cost-cutting in cybersecurity will only result in short and long-term risk. Rather than making regretful decisions, financial services leaders should consider what smart investments they can make in strengthening cybersecurity postures. This does not necessarily mean paying over the odds for more talent but could mean investigating how to better support existing teams to perform at their peak. Asking them to do more with less is a risk simply not worth taking. The investment in cybersecurity must be viewed as an essential cost of doing business in today's digital age.

Share this page: