Tag: Trust

“What happens to Heroes ?” EPISODE #2: The Unsung Heroes of the digital world by Didier Annet

The Psychological Impacts of Cyberattacks

This is the second episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack.

What I will call the “Heroes”

Which role within a

Securing the Future: Innovative Cybersecurity for Agentic AI by Shantanu Bhattacharya

Agentic AI is when autonomous AI agents make decisions and execute tasks. It’s poised to revolutionize industries. But with this power comes new cybersecurity challenges. This blog explores the deployment architectures of agentic AI solutions and identifies key attack vectors, offering a glimpse into innovative 

Cyber (In)Securities – Issue 133

Information Security News

Microsoft: New RAT Malware Used for Crypto Theft, Reconnaissance

BleepingComputer by Sergiu Gatlan
Microsoft has identified a new form of RAT (Remote Access Trojan) malware that is being used for cryptocurrency theft and detailed reconnaissance of infected systems. This sophisticated malware targets digital wallets and can extract a wide array of sensitive information, paving the way for more invasive attacks. This discovery underscores the evolving nature of cyber threats, particularly those aimed at financial gain. Organisations are advised to enhance their cybersecurity protocols to defend against these stealthy, financially motivated attacks, stressing the importance of continuous monitoring and advanced threat detection systems to thwart these malicious actors effectively.

Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum

SecurityWeek by Ryan Naraine
Exploit code for a critical Remote Code Execution (RCE) vulnerability in Apache Tomcat has been published on a popular Chinese forum, raising concerns about potential widespread attacks. This vulnerability allows attackers to execute arbitrary code remotely, compromising the security of any unpatched Tomcat servers. Security experts urge administrators to apply the latest patches immediately to mitigate the risk. The publication of this exploit code marks a significant escalation in the threat landscape, as it provides attackers with ready access to a powerful tool for infiltrating and taking control of affected systems.

DOGE Staffer Violated Security Policies at Treasury Department, Court Filing Shows

Cyberscoop by Tim Starks
A court filing has revealed that a staffer from the DOGE project violated several security policies at the Treasury Department. This breach involved unauthorised access to sensitive financial data, potentially compromising critical economic information. The incident has sparked significant concern over internal security protocols and the enforcement of access controls within government agencies. This case underscores the need for stringent security measures and continuous monitoring to protect sensitive governmental data from insider threats, emphasising the importance of compliance with established security policies to prevent similar incidents in the future.

RansomHub Taps FakeUpdates to Target US Government Sector

Dark Reading by Elizabeth Montalbano
RansomHub, a notorious cybercrime group, has started leveraging FakeUpdates, a deceptive tactic involving fake software update alerts, to infiltrate US government networks. This sophisticated strategy targets vulnerabilities in outdated software, tricking employees into installing malicious updates that deploy ransomware. The attacks have heightened concerns about the resilience of government cybersecurity defenses and underscored the necessity for agencies to maintain software updates and educate staff on recognising phishing attempts. These developments highlight the evolving techniques of cybercriminals in bypassing traditional security measures to access highly sensitive government data.

Denmark Warns of Increased Cyber Espionage Against Telecom Sector

Dark Reading by Alexander Culafi
Denmark’s intelligence services have issued a warning about a significant increase in cyber espionage activities targeting the nation’s telecommunications sector. These espionage efforts are aimed at accessing sensitive communications and gaining strategic advantages. The alert specifies that foreign state-sponsored actors are primarily responsible, seeking to compromise critical infrastructure to disrupt services or gather intelligence. This escalation prompts a call for enhanced security measures within the telecom industry, highlighting the need for robust cybersecurity strategies to protect against sophisticated and persistent threats.

Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions

The Hacker News by Ravie Lakshmanan
Cybercriminals are increasingly exploiting Cascading Style Sheets (CSS) to circumvent traditional spam filters and track user actions within emails. This method involves embedding malicious CSS code into emails, which not only bypasses spam detection systems but also enables attackers to gather detailed information about how recipients interact with the email content. The technique poses significant privacy and security risks, as it can be used to refine phishing campaigns and increase their effectiveness. This emerging threat highlights the need for more advanced email security solutions that can detect and mitigate such sophisticated tactics.

Critical RCE Flaw in Apache Tomcat Actively Exploited in Attacks

BleepingComputer by Bill Toulas
A critical Remote Code Execution (RCE) flaw in Apache Tomcat is currently being exploited in the wild, posing serious risks to systems running unpatched versions of the server software. This vulnerability allows attackers to remotely execute malicious code, potentially gaining full control over affected systems. The urgency for administrators to apply security patches cannot be overstated as exploitation of this flaw could lead to significant data breaches and system takeovers. This situation underscores the continuous threat landscape facing web servers and the importance of timely updates and vigilance in cybersecurity practices.

Telegram Founder Returns to Dubai as French Inquiry Continues

The Guardian by Dan Milmo
The founder of Telegram, Pavel Durov, has returned to Dubai amid ongoing inquiries in France concerning the platform’s compliance with data protection laws and its role in spreading misinformation. This move comes as French authorities intensify their scrutiny of social media platforms, focusing on how they manage user data and content. Durov’s return to Dubai, where Telegram has significant operations, highlights the challenges tech companies face in balancing user privacy with governmental demands for greater transparency and control over digital content.

Nvidia Patches Vulnerabilities That Could Let Hackers Exploit AI Services

SecurityWeek by Eduard Kovacs
Nvidia has issued patches for several vulnerabilities in its software that could allow hackers to exploit its AI services. These vulnerabilities were identified in various components of Nvidia’s platforms, which are widely used for AI processing and deep learning tasks. If exploited, these flaws could lead to unauthorised access to sensitive data, disruption of AI operations, or manipulation of AI functionalities. The prompt release of these security patches underscores Nvidia’s commitment to safeguarding its technologies against emerging cyber threats and maintaining the integrity of its AI ecosystems.

Malicious Adobe, DocuSign OAuth Apps Target Microsoft 365 Accounts

BleepingComputer by Bill Toulas
Cybercriminals are targeting Microsoft 365 users by creating malicious OAuth applications disguised as legitimate Adobe and DocuSign services. These deceptive apps trick users into granting them access to their Microsoft 365 accounts, enabling attackers to obtain sensitive data and potentially launch further malicious activities. The sophistication of these scams highlights the importance of vigilance when authorising third-party applications, emphasising the need for users to verify app authenticity before granting any permissions. This tactic reflects a growing trend in using OAuth apps for phishing and data breaches.

Ransomware Attack Hits the Micronesian State of Yap, Causing Health System Network Outage

Security Affairs by Pierluigi Paganini
The Micronesian state of Yap has been severely impacted by a ransomware attack that brought down its health system network. This cyberattack has disrupted medical services and access to crucial patient data, highlighting the vulnerability of critical infrastructure to such threats. The incident underscores the need for enhanced cybersecurity measures in healthcare systems, particularly in regions that may lack the resources to adequately defend against sophisticated cyber threats. The focus is now on recovery and strengthening defenses to prevent future disruptions.

Back to Cash: Life Without Money in Your Pocket Is Not the Utopia Sweden Hoped

The Observer by Miranda Bryant
In a surprising shift, Sweden, once at the forefront of the cashless movement, is reconsidering the role of cash in daily transactions. This reflection arises as citizens encounter challenges and limitations with digital-only payments, such as technical failures, exclusion of non-digital natives, and privacy concerns. The move back towards cash underscores a growing recognition of the need for a balanced approach to payment methods that ensures accessibility and security for all segments of society, highlighting the practical realities of a digital economy that may not fully cater to everyone’s needs.

New Akira Ransomware Decryptor Cracks Encryption Keys Using GPUs

BleepingComputer by Bill Toulas
A breakthrough has been achieved with the development of a new decryptor for Akira ransomware, utilizing GPUs to crack encryption keys rapidly. This tool offers hope to victims by significantly speeding up the decryption process, potentially restoring access to encrypted files faster than ever before. The introduction of this GPU-powered decryptor represents a critical advancement in the fight against ransomware, providing an effective countermeasure that can mitigate the impact of these devastating cyber attacks. It also underscores the ongoing arms race between cybercriminals and cybersecurity professionals striving to protect user data.

New MassJacker Clipper Targets Pirated Software Seekers

Security Affairs by Pierluigi Paganini
The newly identified “MassJacker” clipper malware is targeting individuals seeking pirated software, exploiting their quest for free content to steal cryptocurrency. This malicious software modifies clipboard data to redirect crypto transactions to attacker-controlled wallets, seamlessly replacing intended recipient addresses. This method underscores the risks associated with downloading unofficial software, as users inadvertently expose themselves to sophisticated cyber threats. The emergence of MassJacker highlights the need for heightened awareness and preventive measures against the malware threats that lurk in pirated software.

Malicious PyPI Packages Stole Cloud Tokens – Over 14,100 Downloads Before Removal

The Hacker News by Ravie Lakshmanan
Over 14,100 instances of malicious packages downloaded from Python’s package index, PyPI, have led to widespread theft of cloud tokens. These packages, cleverly disguised as legitimate software, siphoned off cloud credentials from unsuspecting developers, compromising numerous cloud environments. This incident highlights the vulnerability of software supply chains and emphasizes the critical need for developers to verify the integrity and source of third-party libraries. It also underscores the importance of robust security practices in managing and safeguarding cloud-based resources from such deceptive attacks.

Ransomware Gang Creates Tool to Automate VPN Brute-Force Attacks

BleepingComputer by Bill Toulas
A notorious ransomware gang has developed a new tool that automates brute-force attacks on VPNs, increasing the efficiency of their attacks on corporate networks. This tool targets VPN accounts with weak or default passwords, enabling rapid unauthorized access and subsequent deployment of ransomware. This development poses a significant threat to businesses, stressing the urgent need for robust password policies and enhanced VPN security measures. Companies are advised to enforce strong authentication practices and monitor network traffic to mitigate the risks of such sophisticated attacks.

California’s Legal Push on Geolocation Data Collection Must Target the Right Issues, Privacy Experts Say

Cyberscoop by Derek B. Johnson
California is advancing legislation aimed at tightening controls on geolocation data collection, prompting discussions among privacy experts about the precision and effectiveness of these legal measures. The experts advocate for legislation that accurately targets harmful practices without stifling innovation or overburdening businesses with compliance challenges. This legal push reflects growing concerns over privacy rights and the potential misuse of sensitive location data, underscoring the need for laws that balance protection with practicality in the rapidly evolving digital landscape.

Ransomware Developer Extradited, Admits Working for LockBit

Dark Reading by Kristina Beek
A key developer of the LockBit ransomware group has been extradited and has admitted involvement with the notorious ransomware operations. This significant legal development marks a pivotal moment in the global fight against cybercrime, as the individual in question was responsible for creating and refining the ransomware used in numerous high-profile attacks worldwide. The extradition and confession are part of a broader international effort to dismantle cybercriminal networks that have caused extensive financial and data losses across various sectors. This case highlights the increasing effectiveness of international cooperation in cybersecurity enforcement and the growing legal repercussions for cybercriminals.

GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging

The Hacker News by Ravie Lakshmanan
The GSMA (Global System for Mobile Communications Association) has officially confirmed the implementation of end-to-end encryption for Rich Communication Services (RCS), marking a significant advancement in secure messaging across platforms. This move aims to enhance privacy and security for users by protecting messages from interception and unauthorized access. The adoption of encryption for RCS addresses longstanding security concerns and positions it as a more secure alternative to traditional SMS and other messaging services. This development is expected to bolster user confidence in RCS, encouraging wider adoption and integration across communication networks.

Remote Access Infrastructure Remains the Riskiest Corporate Attack Surface

Dark Reading by Robert Lemos
Remote access infrastructure continues to be the riskiest attack surface for corporations, as highlighted in recent cybersecurity reports. The surge in remote work has expanded the attack vectors available to cybercriminals, who exploit vulnerabilities in remote systems to gain unauthorized access to corporate networks. This vulnerability emphasizes the need for companies to strengthen their remote access protocols, implement multi-factor authentication, and conduct regular security audits. By prioritizing the security of remote access points, businesses can significantly mitigate the risk of data breaches and cyberattacks.

ClickFix Widely Adopted by Cybercriminals, APT Groups

SecurityWeek by Ionut Arghire
The malicious software toolkit ClickFix is being increasingly adopted by cybercriminals and Advanced Persistent Threat (APT) groups, facilitating a range of cyber attacks. This toolkit enables attackers to exploit vulnerabilities in commonly used applications and software, effectively automating the delivery of malware through seemingly benign interactions. The widespread use of ClickFix highlights a growing trend in the cybercriminal ecosystem, where sophisticated tools are shared and enhanced collaboratively, increasing the efficiency and reach of cyber attacks. This development calls for enhanced vigilance and updated defensive measures from organizations to protect against these advanced threats.

Apple’s Alleged UK Encryption Battle Sparks Political and Privacy Backlash

The Register by Connor Jones
Apple is at the center of a contentious debate in the UK over its encryption practices, which have ignited significant political and privacy backlash. Allegations suggest that Apple’s stringent encryption methods hinder law enforcement’s ability to access critical data during investigations, sparking a heated dispute about balancing privacy rights with national security needs. This controversy highlights the ongoing global tension between technology companies committed to protecting user data and government agencies advocating for backdoor access to facilitate criminal investigations. The outcome of this battle could have far-reaching implications for privacy laws and tech company operations worldwide.

Consumer Groups Push IoT Security Bill to Address End-of-Life Concerns

Dark Reading by Arielle Waldman
Consumer advocacy groups are intensifying their push for legislation that addresses security concerns with Internet of Things (IoT) devices, particularly around the end-of-life phase. The proposed IoT security bill aims to ensure that manufacturers are legally required to maintain software updates and security patches for a defined period after a product is discontinued. This legislation is seen as crucial for preventing outdated devices from becoming security liabilities within consumer networks. The bill also seeks to enhance transparency, requiring companies to clearly inform consumers about the lifespan of product support from the point of purchase, thus promoting better consumer awareness and decision-making regarding IoT devices.

ANALYSIS

How Economic Headwinds Influence the Ransomware Ecosystem

Dark Reading by Alexander Culafi
Economic fluctuations are significantly impacting the ransomware ecosystem, shifting the dynamics of how and why attacks are conducted. Recent economic headwinds have led cybercriminals to adapt their strategies, increasingly targeting sectors perceived as more vulnerable to disruption. This analysis explores how economic downturns lead to a rise in ransomware incidents, as attackers capitalize on the heightened desperation of businesses to recover data and maintain operations. It also discusses the evolving ransomware economy, where demand for quick financial returns drives the innovation of ransomware techniques, making it imperative for organizations to adapt their cybersecurity strategies to this changing landscape.

‘Kids Can Bypass Anything If They’re Clever Enough!’ – How Tech Experts Keep Their Children Safe Online

The Guardian by Amy Fleming
This article explores the challenges that tech-savvy parents face in keeping their children safe online, emphasizing the cunning and ingenuity that kids often exhibit in circumventing digital safeguards. Tech experts share personal strategies and insights on fostering a safe online environment, including open communication about internet risks, the use of advanced parental controls, and educating children about digital footprints and privacy. The piece highlights the balance between protecting children and empowering them with the skills to navigate the online world responsibly, stressing the importance of adapting safety measures as technology and online behaviors evolve.

U.S. Cybersecurity and Data Privacy Review and Outlook – 2025

Gibson Dunn
The U.S. Cybersecurity and Data Privacy Review and Outlook for 2025 provides a comprehensive analysis of the current state and future projections in cybersecurity and data privacy landscapes. This report highlights the increasing complexity of cyber threats and the evolving regulatory frameworks aimed at enhancing data protection. Key insights include the escalation of state-sponsored attacks, the rising importance of cybersecurity in corporate governance, and the challenges and opportunities posed by new technologies such as AI and IoT. The outlook underscores the necessity for businesses to integrate robust cybersecurity measures and for lawmakers to craft policies that balance security with privacy rights.

Apple vs. UK Government – The Encryption Battle Continues

PrivID (Substack)
The ongoing legal battle between Apple and the UK government centers on the contentious issue of encryption and access to digital communications. This clash is part of a broader debate over privacy and security, with the UK seeking ways to circumvent encryption to combat crime and terrorism. Apple, steadfast in its commitment to user privacy, argues that creating backdoors for government access undermines security for all users globally. This analysis delves into the implications of such legal confrontations for tech companies and consumers, emphasizing the potential global fallout of weakening encryption standards.

Biggest Cyber Threats to the Healthcare Industry Today

Dark Reading by Bhavya Jain
The healthcare industry faces unprecedented cyber threats that jeopardize patient data and critical healthcare operations. This article outlines the most significant threats, including ransomware attacks that lock access to vital records, phishing schemes targeting healthcare professionals, and breaches of sensitive patient information through insecure networks. The need for robust cybersecurity measures has never been more urgent, as these threats not only risk patient confidentiality but also can disrupt entire healthcare systems. Enhanced security protocols, staff training, and investment in advanced cybersecurity technologies are crucial for safeguarding against these evolving threats.

A Guide to Security Investments: The Anatomy of a Cyberattack

SecurityWeek by Torsten George
This guide offers a comprehensive breakdown of the anatomy of a cyberattack, providing insights into the sequential stages that attackers often follow: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. It emphasizes the importance of understanding these phases to better invest in cybersecurity measures effectively. The article advocates for strategic security investments that can detect and respond to threats at each stage, reducing the potential impact on an organization. This proactive approach is crucial for businesses to enhance their resilience against increasingly sophisticated cyber threats.

Taming Agentic AI Risks with FAIR-CAM

By CI-ISAC Australia Ambassador for Cyber Threat-Led/Informed Risk Measurement and Co-Chair of the Sydney Chapter of the FAIR Institute, Denny Wan
The article discusses the innovative FAIR-CAM framework, designed to mitigate risks associated with agentic Artificial Intelligence (AI). FAIR-CAM, which stands for Fairness, Accountability, Integrity, and Resilience – Context, Agency, and Means, provides a structured approach to ensure AI systems are developed and deployed responsibly. Denny Wan emphasizes the importance of addressing the ethical implications of AI, particularly as systems gain more autonomy and decision-making capabilities. The framework aims to guide organizations in creating AI that is not only technologically advanced but also ethically aligned, promoting transparency and trust in AI applications.

CyAN Members: Op Eds, Articles, etc:

Fostering Australia’s Autonomy: The Imperative for Sovereign Satellite Communication Systems

By CyAN Board Member and Global VP, Kim Chandler McDonald
In a detailed exploration, CyAN Board Member and Global VP, Kim Chandler McDonald, addresses the urgent need for Australia to establish sovereign satellite communication systems. This analysis highlights the critical importance of self-reliance in satellite technology, essential for bolstering national security and driving economic prosperity. As we face increasing global dependencies on foreign technologies amidst escalating geopolitical tensions, the push for robust, sovereign infrastructure becomes more than a precaution—it’s a strategic imperative. McDonald emphasizes that this move towards technological autonomy is crucial not only for maintaining Australia’s digital independence but also for ensuring its position in a competitive global arena. This analysis serves as a call to action for nations worldwide, urging them to consider similar strategies to protect and empower their futures.

Opinion: Yet Another Encryption Kerfuffle

By CyAN Board Member and Communications Director John Salomon
In his latest opinion piece, CyAN Board Member and Communications Director John Salomon addresses the recurring debates surrounding encryption policies. John argues against weakening encryption standards, citing that such measures would compromise global digital security without significantly aiding law enforcement efforts. Salomon emphasizes the critical importance of maintaining strong encryption to protect personal and national security interests. He calls for a balanced approach that respects privacy rights while addressing legitimate security concerns, urging policymakers to consider the broader implications of encryption backdoors.

CyAN Members: NEWS

CyAN Board Member John Salomon to Speak at Trust and Safety Forum in Lille, France

CyAN Board Member John Salomon will take part in what will undoubtedly be a fascinating discussion on the topic, ‘Has Trust in Democracy Survived the 2024 Election Year’ at the Trust and Safety Forum in Lille, France, on April 1st. Panelists Lorena Martinez, Laetitia Avia, and Stéphanie LADEL will discuss debunking disinformation, the role of fact-checkers, and the resources required for a balanced political environment.

CyAN Celebrates the Global Impact of Its Members

CyAN thrives because of the incredible talent, leadership, and dedication of our members, and we are proud to see them shaping the future of cybersecurity on a global stage! 🚀💙


Upcoming CyAN (and CyAN Partner) Global Events:

  • Trust & Safety Forum at Forum INCYBER Europe (FIC), Lille, France: April 1-2
  • CyAN Quarterly Online Members Meeting (CyAN Members Only): March 19 (See emails for details)
  • GITEX AFRICA, Marrakesh, Morocco: April 14-16
  • GITEX ASIA, Singapore (Marina Bay Sands): April 23-25
  • GISEC, Dubai World Trade Center, UAE: May 6-8
  • The Cyber Outstanding Security Performance Awards (Cyber OSPAs), London, UK: May 8
  • World AI Technology Expo UAE, Dubai, UAE: May 14-15
  • MaTeCC: Rabat, Morocco (The third annual North Africa cybersecurity event, hosted by CyAN partner École High-Tech): June 7-9, 2025

Fostering Australia’s Autonomy: The Imperative for Sovereign Satellite Communication Systems

Inspired by recent movements in Europe, where tech giants like Airbus have advocated for a sovereign fund to support local technology sectors, this article explores Australia’s strategic need to develop sovereign satellite communication systems. As digital connectivity becomes increasingly crucial, the time to fortify our 

Cyber (In)Securities – Issue 132

Information Security News

Elon Musk’s Starlink Could Be Used to Transmit Australian Election Voting Results

The Guardian by Josh Taylor
The Guardian reports that Elon Musk’s satellite internet service, Starlink, is being considered as a potential method to transmit voting results in Australian elections. This proposal

“What Happens to Heroes?” – EPISODE #1: The Unsung Heroes of the Digital World by Didier Annet

The Psychological Impacts of Cyberattacks

This is the first episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack.

What I Will Call the “Heroes”

But what is a Hero in the context of a cyberattack? And why should it matter to us or the company?

Generally speaking, a definition of a Hero that fits what we are talking about is:

“A real person or fictional character who, in the face of danger, combats adversity through feats of ingenuity, courage, or strength.”

Protecting sensitive information has emerged as a pivotal concern for businesses across various industries. The ability to efficiently safeguard crucial data is now a decisive factor in achieving long-term success. It’s an endless battle, pitting skilled hackers against savvy security experts. The attackers are constantly adapting their tactics, always staying one step ahead. In contrast, security professionals must navigate increasingly complex corporate defense systems, where compromises are often inevitable. This relentless pressure has led to alarming rates of stress and burnout among IT teams dedicated to cybersecurity.

Despite their best efforts, hackers’ attacks can sometimes be successful, leading to system failures and data loss. The company then enters a crisis management mode often described as ‘war’ mode. Those managing these crises often employ language evocative of war, suggesting a fight for the company’s survival and the preservation of jobs.

In the immediate aftermath of the crisis, the company’s survival hinges on a select group of individuals who swiftly transform from regular employees into rescuers. These remarkable Heroes work relentlessly under immense pressure and stress, often for days or even weeks, with a singular focus: to prevent the company’s collapse and safeguard their colleagues’ jobs. Their dedication and tireless efforts are crucial in stabilizing the situation, ensuring that the company remains operational and that their fellow employees do not face the threat of unemployment.

Fortunately, most rescue efforts are successful, though they may take time and only partially resolve the issues. However, a more prolonged and lesser-known struggle continues, as the affected computer networks must undergo extensive cleanup and restoration while their security measures are strengthened.

Those who are hailed as heroes often face challenges adapting to their new reality, feeling misunderstood and overlooked despite their significant accomplishments. They fluctuate between feelings of frustration and neglect. Several months later, a cyberattack sparks a new round of consequences, this time directly impacting people’s well-being. Overlooked, fatigued, overburdened, and sick, these heroes may be at risk of burning out.

This Is the Fall of Heroes

The fact that these people are sick, unmotivated, or even leaving the company will inevitably have a negative impact on managing corrective measures after the crisis. While external consultants or new employees may fill the void left by these absences, the loss of knowledge will still result in collateral damage due to the lack of expertise and institutional memory.

Stay Tuned for the Next Episode

And don’t forget:

“Cyberattacks are like mosquitoes: you don’t see them coming, but they can ruin your night (and your data)!”

“And some, like tiger mosquitoes, can even ruin your life …”

About the Author

Didier Annet is an Operational & Data Resilience Specialist and a Certified Professional Coach dedicated to empowering individuals and teams to navigate the complexities of an ever-changing digital landscape.

Find him on LinkedIn: Didier Annet

Learn more in his book:
📖 Guide de survie aux cyberattaques en entreprise et à leurs conséquences psychologiques: Que fait-on des Héros ? (French Edition)
Available on Amazon

Coming soon: The English version – “What Happens to Heroes”

Cyber (In)Securities – Issue 131

Information Security News

EU Looks to Tech Sovereignty with EuroStack Amid Trade War

Biometric Update by Masha Borak
The European Union is making significant strides towards tech sovereignty with the development of EuroStack, a comprehensive technology initiative aimed at reducing dependence on foreign tech giants amid 

The Cost of Silence: Enhancing Cyber Safety to Address Domestic Violence’s Impact on Women’s Employment and Education

Last Friday, I attended the launch of The Cost of Domestic Violence to Women’s Employment and Education at the University of Technology Sydney. Written by the renowned researcher and writer Anne Summers, this report lays bare how domestic violence and coercive control disrupts women’s financial 

Cybersecurity Investments in Global Banking: Comparative Analysis and Case Studies

Scope and (many) Limitations

It is essential to clarify from the outset that this analysis does not seek to establish a direct correlation between cybersecurity expenditure and measurable security outcomes, such as the successful mitigation of cyber threats or financial savings resulting from reduced attack impact. While investment in cybersecurity is a necessary component of a robust defence strategy, the complexity of cyber risk, evolving threat landscapes, and the multifaceted nature of security effectiveness preclude any straightforward causal relationship between financial allocation and security success. This study, therefore, focuses on the strategic prioritisation of cybersecurity investment within financial institutions rather than attempting to quantify its direct operational efficacy.

Furthermore, it is important to note that the financial data presented reflects cybersecurity spending over a multi-year period, albeit one from several years ago. Given that this analysis is conducted in 2025, some figures may not fully capture more recent investment trends, emerging security technologies, or shifts in cyber risk exposure. While historical data provides valuable insight into spending patterns and institutional priorities, it does not necessarily indicate present or future financial commitments.

A subsequent analysis will seek to explore potential correlations between cybersecurity investment and key security outcomes, leveraging publicly accessible data where possible. This follow-up study will critically assess available metrics—such as breach frequency, regulatory penalties, and operational resilience—to determine whether any discernible patterns emerge between financial commitment to cybersecurity and real-world security performance. However, given the inherent challenges of isolating variables in this domain, findings will be framed within the limitations of available data, temporal gaps in financial reporting, and broader contextual industry factors.

Financial Comparisons Across a Handful of Major Banks

Major global banks have dramatically increased their cybersecurity investments in the past five years, both in absolute spending and as a share of IT budgets. Table 1 below compares cybersecurity spending for several top banks (by assets) in 2018 vs. 2022, illustrating these trends. North American banks show some of the highest absolute cyber budgets (hundreds of millions of USD annually), while European banks tend to allocate a slightly higher percentage of their IT budget to security. Asia-Pacific banks historically spent less on cybersecurity (contributing to higher vulnerability rates in that region (Low investments in cybersecurity expose financial sector to threats: Experts – The Economic Times)), but are now rapidly ramping up investments as cyber threats intensify globally.

Table 1. Cybersecurity Budget Trends at Selected Major Banks (2018–2022) (link here)

Regional Case Studies

Detailed case studies from different regions demonstrate how major banks are implementing significant cybersecurity initiatives. These examples show how banks tailor their cyber strategies to address region-specific threats and comply with local regulations, while investing heavily to bolster resilience.

North America: JPMorgan Chase & Co.

JPMorganChase, the largest U.S. bank by assets, has made cybersecurity a centerpiece of its technology strategy. In 2019, the bank spent roughly $600 million annually on cybersecurity and employed about 3,000 cybersecurity personnel (With $600 Million Cybersecurity Budget, JPMorgan Chief Endorses AI and Cloud – SecurityWeek). For perspective, this budget was a dramatic increase from preceding years (the bank’s cyber spend doubled from $250 million to $500 million in the mid-2010s (2018 Cybersecurity Market Report), reaching ~$600 million by 2019). JPMorgan’s CEO Jamie Dimon identified cyber risk as perhaps “the biggest threat to the U.S. financial system” (With $600 Million Cybersecurity Budget, JPMorgan Chief Endorses AI and Cloud – SecurityWeek), underscoring why the bank continues to pour resources into cyber defence. JPMorgan’s initiatives focus on advanced capabilities like artificial intelligence and cloud security. Again in 2019, Dimon endorsed a move “all in” on cloud and AI to enhance security, noting the cloud can improve resiliency and scale defenses.

Fast forward to 2024, and JPMorgan’s situation was laid bare by Mary Callahan Erdoes, CEO of JPM’s Asset Management & Wealth:

Hard numbers on the above were stated during the conference as: $15bn annual technology spend with 62,000 technologists, many of whom were/are focused on cyber specifically.

The firm has built multi-layered defenses and real-time monitoring to handle everything from routine fraud attempts to advanced nation-state threats. U.S. regulatory expectations (from bodies like the FFIEC and New York State DFS) and industry collaboration via the Financial Services Information Sharing and Analysis Center (FS-ISAC) have further driven JPMorgan’s strategy. The bank regularly works with government and industry partners to share threat intelligence and bolster critical infrastructure protection.

Europe: HSBC Holdings plc

HSBC, one of Europe’s largest banks (with a global footprint concentrated in Europe and Asia), has likewise made robust cybersecurity investments and adaptations. HSBC’s annual cybersecurity spending is estimated in the hundreds of millions (USD) – on the order of $600–750 million per year in recent years (Financial Firms Spend Up to $3,000 Per Employee on Cybersecurity). This forms a significant portion of HSBC’s roughly $6 billion overall technology budget (approaching ~10% allocated to security). HSBC’s approach to cybersecurity is heavily influenced by the cross-border regulatory landscape and evolving threats in its key markets. European regulations (think the EU’s General Data Protection Regulation (GDPR) and the PSD2 directive (mandating strong customer authentication)) have pushed banks like HSBC to achieve high standards in data security and fraud prevention. Additionally, EU supervisors (e.g. the European Central Bank) now ask banks for detailed cyber resilience metrics (such as dedicated security staffing) to ensure preparedness (THE CHALLENGE OF ORGANIZING THE BUDGETARY MANAGEMENT OF CYBERSECURITY IN YOUR COMPANY – RiskInsight).

In response, HSBC announced a series of security initiatives to stay ahead of emerging threats. For example, in 2023, HSBC announced that it had become the first bank in the UK to trial quantum cryptography for network security, partnering with BT Group and Toshiba to pilot Quantum Key Distribution for encrypting data between its London data centres (We’re fighting the cyber criminals of the future | HSBC News).

This quote is from former CEO of HSBC Europe, Colin Bell, who highlighted HSBC’s proactive stance on next-generation security. HSBC also continually upgrades more immediate defences: the bank processes 4.5 billion payments a year, and it relies on encryption and real-time threat monitoring to protect those transactions.

Asia-Pacific: DBS Bank (Singapore)

In the Asia-Pacific region, DBS Bank provides a case study in integrating cybersecurity deeply into a digital transformation strategy. DBS is a leading Singapore-based bank operating across Asia, and it has been recognised as one of the world’s most technologically advanced banks. With this digital focus, DBS’s leadership is acutely aware that cyber risk comes hand-in-hand with innovation. A quote from Seng Wei Keng in this FS-ISAC piece sets the tone nicely:

DBS has implemented a multi-layer “onion” security architecture to defend its systems (DBS’ Piyush Gupta explains how the bank deals with digital trust in an era of deep fakes and misinformation – CNA). According to CEO Piyush Gupta, DBS operates under the assumption that some attackers will penetrate outer defences, so the bank emphasises in-depth measures and internal monitoring to limit any potential damage. This includes extensive use of techniques like micro-segmentation of networks, behavioural analytics, and AI-driven anomaly detection to quickly identify and isolate threats. DBS also contracts specialised cybersecurity firms to scour the dark web for any signs of attacks targeting the bank or brand, enabling rapid takedowns of phishing sites and fake domains. These initiatives have earned DBS recognition; it was the first bank to implement an innovative “digital soft token” mobile authenticator (with a money-back security guarantee for customers) and won the regional Cybersecurity Award in 2019 for its security excellence (DBS: On Becoming the Wizard of Digital Transformation).

Regional regulations and threat trends shape DBS’s cyber strategy as well. Singapore’s regulator, the Monetary Authority of Singapore (MAS), imposes stringent Technology Risk Management guidelines, requiring banks to maintain strong cyber governance and report incidents within hours. DBS not only complies but often exceeds these requirements, serving as an industry leader in implementation of measures like secure API frameworks and zero-trust principles. Asia-Pacific has become the most targeted region for cyberattacks globally (31% of all reported cyber incidents in 2022, for example, were in APAC) (Top Cybersecurity Statistics for 2024 | Cobalt), so banks like DBS have had to rapidly elevate their defences. The bank’s investments in cybersecurity have grown annually (while exact figures aren’t public, DBS’s overall tech spending is substantial, and a healthy fraction is devoted to security efforts). By leveraging its tech-forward culture and complying with forward-looking initiatives (for example, MAS’s 2024 quantum-resilience trials with banks (MAS to commence quantum-proofing cybersecurity trials with banks …)), DBS adapts to the region’s unique challenges.

Executive Quotes on Cybersecurity Investments

These quotes give the reader a sense, at least on paper and in front of the press mic, of the seriousness with which bank executives are taking the cyber threat. Leading banking executives have explicitly underscored the importance of proactive cybersecurity investment and strategy, and it’s clear that the spend, both in total volume and as a percentage of IT spend, supports their intuitions. Whilst data are sometimes a bit hard to nail down, what’s clear is that major banks, globally, are spending with vigour. (How effective spend is in reducing loss from cyber attacks is a topic for another article, although successes like that of DBS, for example, suggest risk and impact can be managed well.)

Below are selected quotes from CEOs and board-level leaders at major banks over the past years, highlighting their perspectives on cyber initiatives and commitment:

  • Brian Moynihan (CEO, Bank of America): “I go to bed every night feeling comfortable that [our cybersecurity] group has all the money, because they never have to ask… You’ve got to be willing to do what it takes at this point.” (Making the Right Investment in Cybersecurity | Bank Director; thank you Emily McCormick for the nod to the quote, drawn from a 2015 interview with Bloomberg in which Moynihan described giving “unlimited” budget to cybersecurity, reflecting an open-ended commitment to cyber defence.) And that was 2015!
  • Jamie Dimon (CEO, JPMorgan Chase): “Cybersecurity…may very well be the biggest threat to the U.S. financial system,” he warned, while noting the growing mobilisation of industry and government to combat it (With $600 Million Cybersecurity Budget, JPMorgan Chief Endorses AI and Cloud – SecurityWeek).
  • Colin Bell (CEO, HSBC Bank plc & HSBC Europe): “Our customers, clients and employees expect us to have safe and secure operations and resilient cybersecurity, so we must stay ahead of the curve… That’s why we’re already preparing our global operations for a quantum future. We’re…investing in strong, strategic partnerships to explore how we could deploy these technologies as they develop.” (We’re fighting the cyber criminals of the future | HSBC News) (Emphasising a forward-looking investment in next-generation security technologies at HSBC.)
  • Piyush Gupta (CEO, DBS Bank): “Security is paramount today… There are not only state actors, but large criminal syndicates, who are always trying to get in.” (DBS’ Piyush Gupta explains how the bank deals with digital trust in an era of deep fakes and misinformation – CNA) Gupta has also noted that he operates under a “not if, but when” assumption regarding attacks, using that mindset to drive continuous investment in layered security measures. This philosophy highlights a strategic shift to persistent vigilance and resilience in cybersecurity.

Next I’ll attempt to articulate the impact of this spend…

About the Author

Nick Kelly | SecureFlag | CyAN Member

Website: www.secureflag.com

LinkedIn: Nick Kelly

Cyber (In)Securities – Issue 126

Information Security News

Ghost Ransomware Targets Orgs in 70+ Countries

Dark Reading by Elizabeth Montalbano
Ghost ransomware continues to pose a significant threat globally, now targeting organisations in over 70 countries. This ransomware variant is particularly insidious due to its ability to encrypt data swiftly and demand