43% of IT executives at European financial institutions reveal that fears of a cyber-attack keep them awake at night – two months before the General Data Protection Regulation (GDPR) comes into force, according to figures published by financial services IT consultancy and service provider Excelian, Luxoft Financial Services – a division of Luxoft (NYSE:LXFT).
The survey of over 200 IT executives working in capital markets, wealth management and corporate banking reveals that although 89% agree implementing a cybersecurity strategy is a top priority, budget cuts and staff shortages make implementing cybersecurity strategies difficult. 55% of respondents cite a lack of IT investment as a significant source of stress in their role, rising to 63% of professionals in the UK alone. However, those in Switzerland and Austria are less concerned about budget cuts, with only 40% and 43% of IT professionals expressing frustrations, respectively.
IT executives also feel they don’t have access to the right talent and are not fully trained – 54% say they are frustrated by a lack of training and learning opportunities, whilst 26% are also kept awake by a skills shortage in their IT department. As a result, 36% of IT professionals working in the financial services sector are reluctant to recommend increasing cybersecurity spend.
“IT departments in banks are being pulled in two directions,” says Marcin Swiety, Global Head of Luxoft’s Information Security practice. “Banks want to focus on digital innovation, but IT professionals feel unable to escape from the ever-present cyber threat. Budget cuts are leaving smaller teams with fewer spare hours in the day. Unable to plan ahead, they spend their days firefighting problems and upgrading legacy systems.”
European IT professionals working in financial institutions on both the buy-side and sell-side also believe that insufficient cybersecurity strategies combined with reacting to other daily struggles is preoccupying too much of their time. On average, IT executives say more than half of a CIO’s role is responding to events as they happen, whereas only 40% of their role is proactive.
The complexity of internal technology systems at larger and more established institutions in particular also forces those CIOs to have less time to implement change. 28% of IT executives say that the complicated internal processes make it more difficult to implement cybersecurity strategies.
“Most financial institutions want to capitalise on technologies like blockchain, AI and the cloud, but they are difficult to implement both securely and at pace,” says Mr Swiety. “If we want to see digital transformations that are truly protected from the cyber threat, then institutions must find a way for IT departments to free up their time.”