Why J.P. Morgan Chase & Co. Is Spending A Half Billion Dollars On Cybersecurity

This article is more than 8 years old.

J.P. Morgan Chase & Co.'s Form 10-Q Quarterly Report -- which was filed on August 3, 2015 with the United States Securities and Exchange Commission -- provides a partial explanation as to why the firm is planning to spend a half billion dollars on cybersecurity. That number is twice the $250 million which the financial services giant previously had budgeted for protecting its information technology systems and networks.

“J.P. Morgan is going to spend a half-billion dollars on security this year, and we still feel challenged,” Andy Cadel, general counsel, IP and data protection for J.P. Morgan Chase told a crowd of IT professionals at a recent conference titled “Future Ready: The Business of Tomorrow-Today,” which took place at Bloomberg LP headquarters in Manhattan, according to an article in Bloomberg's Big Law Business.

On page 83 of its 10-Q Report (for the quarterly period ended June 30, 2015), J.P. Morgan lays out its Forward-Looking Statements which are, by their nature, subject to risks and uncertainties, many of which are beyond the Firm’s control. These two statements speak directly to cyber risks:

  • Ability of the Firm to maintain the security of its financial, accounting, technology, data processing and other operating systems and facilities.
  • Ability of the Firm to effectively defend itself against cyberattacks and other attempts by unauthorized parties to access the Firm’s information or disrupt its systems.

Some industry trends and figures help complete the explanation as to why J.P. Morgan is planning to spend such an extraordinary amount of money on cybersecurity. Consider the following:

  • Infosecurity Magazine stated that financial services firms are hit by security incidents a staggering 300 times more frequently than businesses in other industries.
  • Deloitte states that the financial services sector faces the greatest economic risk related to cybersecurity. In the “Deloitte 2015 Banking Outlook”, they say that, to improve cybersecurity, banks will be forced to devote greater resources to enhancing the security, vigilance, and resilience of their cybersecurity model and should consider: adopting new methods, such as war gaming, attracting specialized talent, and increasing collaboration with other members of the ecosystem; beefing up their intelligence apparatus to detect new threats in a timely manner; and expanding the role of the CISO to include clear and prompt communications with the board.
  • According to the “Semiannual Risk Perspective from the National Risk Committee”, published in Spring 2015 by the Office of the Comptroller of the Currency (OCC) in Washington, D.C., operational risk is high as banks adapt business models, transform technology and operating processes, and respond to increasing cyber threats. Banks may not incorporate resiliency considerations, including recovery from cyber events, into their overall governance, risk management, or strategic planning processes, increasing their vulnerability (to cyber-attacks). Banks and their employees, customers, and third-party service providers continue to be vulnerable to cyber attacks that can compromise data or systems or allow criminals to illegally obtain personally identifiable information.
  • The Depository Trust & Clearing Corporation (DTCC) announced last year that almost half of the respondents (46%) in its most recent “Systemic Risk Barometer Study” cited cyber security as their top concern and 80% of respondents rated it as a top 5 risk overall. The cyber security rating has almost doubled in just one year as security incidents continue to rise across the financial markets, with specific respondent feedback citing the growth in the “frequency and sophistication of cyber attacks”.

The cyber threatscape has big banks spending big bucks on cybersecurity. J.P. Morgan, Bank of America, Citibank and Wells Fargo are collectively spending $1.5 billion to battle cyber crime.

According to the “Banking & Financial Services Cybersecurity: U.S. Market 2015-2020 Report”, published by Homeland Security Research Corp., the 2015 U.S. financial services cybersecurity market reached $9.5 billion, making it the largest non-government cybersecurity market. The report concludes that this market will be the fastest growing non-government cybersecurity market, exceeding $77 billion in cumulative 2015-2020 revenues.

Bank of America's CEO Brian Moynihan is probably the most realistic about what large financial services firms should expect to spend on the war against hackers. In a live interview from Davos, Switzerland on Bloomberg TV roughly one year ago, he said the nation’s second-largest lender would spend $400 million on cybersecurity in 2015… and it was the first time in 20 years of corporate budgeting he had overseen a business unit with no budget. Moynihan said the only place in the company that didn’t have a budget constraint was cybersecurity.