Marcin Swiety, Global Head of Luxoft’s Information Security practice

A new survey reveals that 43% of IT executives at European financial institutions fear the threats of cyber-attack so palpably that it keeps them awake at night. And this is just two months before the General Data Protection Regulation (GDPR) comes into force and days after the Facebook / Cambridge Analytica breach was announced. These fears were published in a survey carried out by financial services IT consultancy and service provider Excelian, Luxoft Financial Services.

The survey of over 200 IT executives working in capital markets, wealth management and corporate banking reveals that although 89% agree implementing a cybersecurity strategy is a top priority, budget cuts and staff shortages make implementing cybersecurity strategies difficult. A full 55% of respondents citing a lack of IT investment as a significant source of stress in their role, rising to 63% of professionals in the UK alone. However, those in Switzerland and Austria are less concerned about budget cuts, with only 40% and 43% of IT professionals expressing frustrations, respectively.

IT executives also feel they don’t have access to the right talent and are not thoroughly trained – 54% say they are frustrated by a lack of training and learning opportunities, while 26% are also kept awake by a skills shortage in their IT department. As a result, 36% of IT professionals working in the financial services sector are reluctant to recommend increasing cybersecurity spend.

“IT departments in banks are being pulled in two directions,” said Marcin Swiety, Global Head of Luxoft’s Information Security practice. “Banks want to focus on digital innovation, but IT professionals feel unable to escape the ever-present cyber threat. Budget cuts are leaving smaller teams with fewer spare hours in the day. Unable to plan, they spend their days firefighting problems and upgrading legacy systems.”

European IT professionals working in financial institutions on both the buy-side and sell-side also believe that insufficient cybersecurity strategies combined with reacting to other daily struggles are preoccupying too much of their time. On average, IT executives say more than half of a CIO’s role is responding to events as they happen, whereas only 40% of their position is proactive.

The complexity of internal technology systems at larger and more established institutions in particular also forces those CIOs to have less time to implement change. 28% of IT executives say that the complicated internal processes make it more challenging to implement cyber security strategies.

“Most financial institutions want to capitalise on technologies like blockchain, AI and the cloud, but they are difficult to implement both securely and at pace,” says Mr Swiety. “If we want to see digital transformations that are truly protected from the cyber threat, then institutions must find a way for IT departments to free up their time.”

by Bill Boyle
IBS Intelligence Senior Editor