Quicksilver LB
Follow Us



Digitalization, COVID-19 Spurring More IT Investment in Cybersecurity

Financial services industries across the board are earmarking more IT spending for cybersecurity protection in 2020 than in past years, with identity and access management, cyber monitoring and operations, and endpoint and network security receiving more than 50% of the pie, according to a new study by Deloitte.

The financial institutions surveyed – including the insurance sector – spent an average of $2,700 per full-time employee on cybersecurity, increasing from about $2,300 the previous year. All told, this translates to about 10.9% of a financial institution’s IT budget on cybersecurity on average, up from 10.1% a year earlier.

Cybersecurity spending for the insurance sector rose as a percentage of IT spending from 2019 to 2020, from 9.3% to 11.9%, the study finds.

The annual survey was conducted in January 2020 by the Cyber & Strategic Risk Services team at Deloitte & Touche LLP and the Financial Services Information Sharing and Analysis Center (FS-ISAC). Respondents were FS-ISAC members on how they are confronting cyber challenges.

Key findings include:

  • For the last three years, respondents identified rapid IT changes and rising complexities as their No. 1 cybersecurity challenge. To help effectively mitigate emerging cyber risks, companies should consider digitally enabling the cyber function within the broader IT service development process. Adopting “security by design” principles during technology development could also help financial institutions create more secure products.
  • Cybersecurity is often included as part of the IT function, and CISOs typically report to the CIO or CTO at their firms, according to most respondents from large financial institutions. This reflects the need for close integration of cybersecurity and IT.
  • At the same time, financial institutions may want to retain a certain level of independence for cybersecurity, which could help ensure risk management decisions are not overshadowed by IT constraints.
  • Respondents cited emerging technologies such as cloud, data analytics, and robotic process automation as top cybersecurity investment priorities. Access control, protective technology, and data security were emphasized as rationales.
  • As digitization and remote work accelerates, and lines among employees, customers, contractors, and partners/vendors are blurring, many traditional network perimeters and boundaries are obscured. Users, workloads, data, networks, and devices are everywhere. "Zero Trust" has emerged as a concept for enforcing "least privilege" for modern enterprises contending with the ubiquitous nature of these domains.

To access the full report, go to Deloitte.

Featured articles

Clear Lync MR



The Email Chat is a regular feature of the ITA Pro magazine and website. We send a series of questions to an insurance IT leader in search of thought-provoking responses on important issues facing the insurance industry.


April 5th – 7th, 2020
The Diplomat Resort
Hollywood, FL
Become a member today to receive updates – www.itapro.org/MR


only online

Only Online Archive

ITA Pro Buyers' Guide

Vendor Views

Partner News