What is a “mature” business in cybersecurity? What distinguishes an effective cyber program from another? At a time when digital and physical technologies are more connected than ever, it is becoming essential for financial institutions to protect themselves from cyber risks. For two years, Deloitte, in partnership with the Financial Services Information Sharing and Analysis Center (FS-ISAC), has been trying to find out how companies are facing these risks, and what characterizes the most advanced companies in the field.

The most mature companies in cybersecurity are those that:

  • Involve top management;
  • Placing cyber issues beyond the IT department alone, to give the function the full attention and influence it requires;
  • Align cybersecurity efforts with the company’s business strategy.


Organizations that can integrate these fundamentals and follow the lead of the best-performing cyber security programs will be those that will adapt to a changing business environment and threats.

Our survey indicates that money alone is probably not the answer, as increased cybersecurity spending does not necessarily translate into a higher level of maturity. This means that the way financial institutions secure their data is at least as important as the amount of money spent on cybersecurity.

Download the study