Where Do Financial Services InfoSec Leaders Most Need Innovation to Pursue Strategic Cybersecurity Solutions?

Chief information security officers (CISOs) and information security (InfoSec) leaders have some of the most difficult roles in financial services (FS). Whether leading cybersecurity at a financial institution, insurance carrier, or FS firm, these people have one of the most challenging jobs in the modern age: defending their enterprise against never-ending attacks!

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) defines strategic cybersecurity intent as “Defend Today, Secure Tomorrow”. This is well said. Experienced cybersecurity leaders know the ever-present dual pursuit to defend well in the present while planning for a better future. These dynamics are part of what makes cybersecurity leadership so challenging and so rewarding.

This blog is focused on “securing tomorrow” and the role of innovation. CISOs and InfoSec leaders look to market solutions to shore up gaps, but the best leaders pursue new solutions which fundamentally lift the efficacy of the entire cybersecurity ecosystem. The solutions that are most sought after tend to be innovative, creative efforts to solve traditional problems in new ways. In cybersecurity, few ideas may be novel, but many solutions embody some kind of innovation. Would any security vendor say its solution does not include some kind of innovation? 

Where do InfoSec leaders within financial services most need market innovation?

In a survey concluded in January, our team asked 221 CISOs and InfoSec leaders questions aimed at strategic cybersecurity improvements. These leaders served financial institutions and large merchants in eight countries (the U.S., the U.K., Germany, Brazil, Australia, India, Saudi Arabia, and the United Arab Emirates). One interesting question related to innovation, where we asked cybersecurity leaders where they believed more innovation was needed to improve solutions available in the market. Here are the results:

Three enterprise defense challenges rose to the top regarding need for innovation:

1. Artificial intelligence (AI) was the top area, with 56% of leaders surveyed believing much innovation was needed and 85% indicating either much or some innovation was needed.  (This survey concluded in January, prior to recent national and global discussions about AI advancements. How much higher would these numbers be if we conducted this survey again today?)
2. “Defending against tomorrow’s attacks,” a category of better understanding future attack vectors and defenses, came in second, with 55% of leaders perceiving much innovation was needed and 89% indicating either much or some innovation was needed. 
3. Identity, with the purpose to enable digital transformation, came in third, with 52% indicating much innovation was needed and 83% indicating either much or some innovation was needed in the market. (Identity for purposes of enabling zero-trust security outcomes came in fourth place for perceived innovation need.)

The results tell us much about the needs of FS CISOs and InfoSec leaders who purchase cybersecurity solutions and whose teams operate these solutions to defend their enterprise. These solution types share some interesting commonalities:

1. These solutions are fueled by technology and data: As with many leading cybersecurity components, each solution harnesses the power of technology and integrated data. 
2. FS cybersecurity leaders need more from these solutions: These solutions are strategic to FS leaders, who have invested funds, time, and reputation into each of these three critical areas. But in highlighting these solution types as top for innovation need, CISOs and InfoSec leaders are saying they want more. That their businesses need more practical value, such as stronger defenses or greater efficiencies.
3. Each of these solutions is on a journey: These critical solutions deliver value today and are expected to deliver more value in the years ahead. CISOs and InfoSec leaders in the FS space believe that more innovation will lead each of these solutions to deliver greater practical value to empowering and securing their business.

If you are wondering what the next steps in innovation may look like for solutions addressing each of these three areas, or how top innovation needs intersect with top needs for InfoSec external assistance or budget, check out my report Cybersecurity 2023: InfoSec Leaders Pursue the Future of Financial Services or contact me here.