Financial institutions’ boards unprepared for cyberattacks despite prioritizing security

John C. Checco · Opinion · Mar. 30, 2023 · 4 min read

The following is a guest post by John C. Checco, Resident CISO, Financial Services, Proofpoint.

Financial institutions have been a bigger target for cyber attackers for many years—and have prioritized cybersecurity sooner than many other businesses.

As a result, they have often been more prepared to defend against threat actors. But new research shows that’s no longer the case.

While making cybersecurity a priority in the boardroom and investing heavily in cyber defenses, financial institutions’ board members feel just as unprepared for cyber attacks as their peers in other sectors, according to a report from Proofpoint and Cybersecurity at MIT Sloan (CAMS), entitled Cybersecurity: The 2022 Board Perspective.

The report found that 77% of financial institutions’ boards discuss cybersecurity at least once a month, and 77% view cybersecurity as a priority for their organization.

This commitment is reflected in their financial priorities: 76% of surveyed directors believe they have invested adequately in cybersecurity, and 87% expect their security budgets to increase further in the next year.

But despite the time and money spent on bolstering defenses, nearly half of those surveyed still think their financial institution is unprepared to cope with a targeted cyber attack in the next 12 months.

These findings closely reflect the overall sentiments of the 600 board members surveyed across all industries worldwide.

But the survey found some notable differences in the financial sector. Only 68% of financial services directors think their boards understand systemic risk, compared to 75% across sectors.

Further, 73% consider their institution at risk of a material cyber attack in the next year, compared to only 65% of all board members across sectors.

On the surface, the latter findings may not be encouraging for the industry. But they may be a sign of financial services’ cyber maturity.

Perhaps financial services organizations understand better than others that systemic risk is complex. It isn’t easy to fully comprehend, especially in today’s interconnected and evolving digital world.

These boards may also better grasp the growing magnitude of the threats—and are more realistic about their organizations’ prospects of suffering a material cyber-attack.

People risk broadly overlooked

It is well established that employees are the most significant risk for any organization. Human error, for example, is responsible for 95% of cybersecurity incidents, according to the World Economic Forum.

Yet financial boards do not understand this risk. Only 65% of financial services directors surveyed for Cybersecurity: The 2022 Board Perspective indicated that human error is their most significant vulnerability.

This finding is a concern because boards may not invest time and money in the proper defenses.

If they do not understand that people are their main cyber vulnerability, they are likely not prioritizing this area.

Yet most attacks now focus on the human element, as threat actors have learned that breaking through the human perimeter is much easier than getting through cybersecurity controls.

Boards’ relationships with CISOs create barriers

The research found a communications gap between the boards and their CISOs. This rift is the most likely reason the increased cyber awareness does not lead to better organizational preparedness.

While financial services organizations fared a little better than other industries, they must do much more to have their boards and security leaders forge meaningful partnerships.

The report did find a sliver of good news: in financial services, there’s less conflict between boards and CISOs. Among financial directors, 81% reported seeing eye-to-eye with their CISOs, vs. only 69% across all sectors.

This is very reassuring. Unfortunately, these positive relationships do not drive increased interaction between the two sides—just half of financial services boards interact with their CISOs regularly, and one-third only see the CISO during board presentations.

Such limited contact makes it difficult for boards and security leaders to work collaboratively toward better organizational preparedness and resilience.

That is especially true when CISOs have difficulty speaking the board’s language and translating cyber risk into business risk.

Financial services boards seem aware of this shortcoming. The survey found that after cybersecurity experience, the skill they next value the most in their CISOs is communication—the ability to raise awareness and explain cyber risk nontechnically.

Working together toward organizational success

Meaningful partnerships require both sides to work toward organizational success. The first step to achieving that is to improve communication.

Face-to-face contact is crucial to forging strong relationships, and strong relationships are essential to aligning priorities. CISOs must also learn to speak their boards’ language to achieve better alignment and tell a more coherent and compelling story about cyber risk.

The financial sector will remain a prominent target for cyber attacks, and boards have a fiduciary duty to ensure that their organizations safeguard their customers’ data.

Making cybersecurity a priority is a great start, but it is not enough—boards and CISOs must work together strategically to advance preparedness against cyber attacks.

John C. Checco

John is an information security professional providing subject matter expertise across various industries. He currently serves as a leader of the CISO Advisory Board on Financial Services for Proofpoint and President Emeritus of the New York Metro InfraGard Members Alliance (an FBI public/private partnership program). John specializes in the areas of Zero-Trust Strategies, Responsible Automation, Biometric Security, and Cyber-Physical coordinated threats on critical infrastructures. You can reach John on his LinkedIn page.
Copyright © 2025 Fintech Nexus