On April 24th, CoNetrix released their inaugural report, The State of Cybersecurity in the Financial Institution Industry. In order to understand the industry better, CoNetrix distributed a 44-question survey to individuals of financial institutions. The survey remained open from November 1, 2018 through January 31, 2019. At the end of that timeframe, CoNetrix received 243 completed survey responses.
A panel of CoNetrix security and compliance experts analyzed the survey data looking for trends and significant results. Through studying and parsing the data, several interesting observations and a few conclusions were identified. Here are a few of the many trends discovered in the report:
- Only 11% of institutions have a Board member with cybersecurity or IT experience.
- Of those surveyed, 41% plan to increase their budget for cybersecurity.
- On average, 18% of an institution's operational budget is dedicated to cybersecurity.
- A large majority (80%) use the FFIEC Cybersecurity Assessment Tool as their primary method of evaluating cybersecurity maturity.
- The top 3 incidents experienced in 2018 were social engineering, malware, and accidental security breach by an employee.
To see the full analysis, download the free report: https://conetrix.com/2019-Survey-Report
About the report
Out of 243 respondents, 82% represented banks, 13% represented credit unions, and 4% represented other institutions such as mortgage and trust companies. The asset size of the institutions fell into a bell curve across the spectrum, with 67% representing institutions with assets of $100 Million to $1 Billion: a good representation of community banks.
CoNetrix divided the report information into seven categories:
- Board Oversight
- ISO Management and Staffing
- Budgeting for Cybersecurity
- Cybersecurity Tools and Frameworks
- Incident Response
- Assurance and Testing
One area CoNetrix asked about was the makeup of the Information Security Officer (ISO) role within the institution. Of the individual responses, 74% said the ISO role is one individual person, 12% said ISO is a department with multiple people, 12% said ISO is a committee made up of multiple people from multiple departments, and 2% said ISO is outsourced to a third party.
Why this type of report?
CoNetrix is passionate about technology and cybersecurity, and desires to better understand how they fit within the financial institution industry. No previous research existed specifically for this industry in the realm of cybersecurity. "CoNetrix has a strong desire to better understand the cybersecurity landscape of the industry we serve," explained Brian Whipple, Marketing Manager for CoNetrix. Whipple went on to say, "We feel we are in an ideal position to help provide analysis of this data to better inform key stakeholders within our industry; which, hopefully, will lead to better decision-making and an overall stronger cybersecurity environment."
How to access the report
Access The State of Cybersecurity in the Financial Institution Industry 2019 Survey Report by visiting conetrix.com/2019-Survey-Report and download the report.
CoNetrix is a full service computer networking, security, compliance, and software development firm serving financial institutions across the United States. CoNetrix performs over 400 security engagements annually, including IT/GLBA Audits, Penetration Tests, and Vulnerability Assessments. CoNetrix is the creator of Tandem, a simple yet robust online platform for managing information security policies, information security risk assessments, audit findings, third-party vendors, and business continuity planning. Also, CoNetrix provides managed IT services to financial institutions and other security-minded organizations.