43% of IT executives at European financial institutions reveal that fears of a cyber-attack keep them awake at night – two months before the GDPR comes into force, according to figures published by financial services IT consultancy and service provider Excelian, Luxoft Financial Services.
The survey of over 200 IT executives working in capital markets, wealth management and corporate banking reveals that although 89% agree implementing a cybersecurity strategy is a top priority, budget cuts and staff shortages make implementing cybersecurity strategies difficult.
55% of respondents cite a lack of IT investment as a significant source of stress in their role, rising to 63% of professionals in the UK alone. However, those in Switzerland and Austria are less concerned about budget cuts, with only 40% and 43% of IT professionals expressing frustrations, respectively.
IT executives also feel they don’t have access to the right talent and are not fully trained – 54% say they are frustrated by a lack of training and learning opportunities, whilst 26% are also kept awake by a skills shortage in their IT department. As a result, 36% of IT professionals working in the financial services sector are reluctant to recommend increasing cybersecurity spend.
“IT departments in banks are being pulled in two directions,” says Marcin Swiety, Global Head of Luxoft’s Information Security practice. “Banks want to focus on digital innovation, but IT professionals feel unable to escape from the ever-present cyber threat. Budget cuts are leaving smaller teams with fewer spare hours in the day. Unable to plan ahead, they spend their days firefighting problems and upgrading legacy systems.”
European IT professionals working in financial institutions on both the buy-side and sell-side also believe that insufficient cybersecurity strategies combined with reacting to other daily struggles is preoccupying too much of their time. On average, IT executives say more than half of a CIO’s role is responding to events as they happen, whereas only 40% of their role is proactive.
“Enabling real digital innovation requires CIOs to consider new tactics that can help IT keep pace. One approach is to adopt new technology such as low-code application development. Low-code doesn’t require extensive programing experience which speeds up the development process and makes it possible to transfer some of the workload to teams outside of IT,” said Chris Bown, Director, UK at Mendix.
“In our experience, organizations in the financial services sector who are working to embrace innovative application development create small teams who use an agile approach to quickly identify projects, build, test and iterate on the solutions. These projects span a variety of use-cases including improving internal operational efficiency, creating better customer experiences and launching new products. With a majority of budget and effort spent on maintaining legacy systems, IT leaders need to incorporate new tools and methodologies to enable their team to maximize their remaining budget and resources on projects that will advance their business,” Bown concluded.
The complexity of internal technology systems at larger and more established institutions in particular also forces those CIOs to have less time to implement change. 28% of IT executives say that the complicated internal processes make it more difficult to implement cybersecurity strategies.
“Most financial institutions want to capitalise on technologies like blockchain, AI and the cloud, but they are difficult to implement both securely and at pace,” says Mr Swiety. “If we want to see digital transformations that are truly protected from the cyber threat, then institutions must find a way for IT departments to free up their time.”