Banks and financial institutions are consistently raising investment spending in cybersecurity as breaches refuse to slow down, according to Moody’s recent survey.

Moody’s survey of around 240 banks across the globe found cybersecurity practices are increasing investments, irrespective of size or credit strength due to the escalating of incidents.
The survey found financial institutions are “prime targets” as these organisations “safeguard client wealth, facilitate transactions through payment networks and manage vast amounts of personal information.”
As a result of the high threat environment “they are at the forefront of enhancing cyber strategies and investing in defences, processes and talent”.
“The survey's results show financial institutions also devote more attention to cybersecurity at senior management and board levels than other industries, underlining its critical importance,” the report stated.
Findings from the research found the likes of banks of all sizes “have been steadily boosting cybersecurity's portion of IT budget in all regions since 2019.”
The Americas and Asia-Pacific regions have invested more than those in EMEA and advanced defence practices, such as penetration tests and Red/Purple Team engagements, are more prevalent among larger banks.
Moody’s also found banks host most of the IT infrastructure on-site, “with large banks leading the migration to the cloud.”
“Around 80 percent of the respondents' infrastructure remains on-premises as banks gradually migrate to cloud service and software providers with strong defence capabilities.
Findings from Moody’s showed large banks have 65 percent of their infrastructure on-premises and aim to cut this figure to 55 percent within the next year.
“Banks in North America are the most advanced in this process, with more than 30 percent of their IT infrastructure on the cloud, while those in EMEA have only 10 percent.
According to the survey, “about three-quarters of respondents carry standalone cyber insurance.”
“Incident insurance is most prevalent in North America, with 97 percent reporting coverage, compared with 55 percent in APAC.”
The report also said that the “most common incidents covered by these policies include ransom payments, legal settlements, regulatory fines and reputational damage.”