View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Misspending feared as JPMorgan doubles cybersecurity funding

Investment to soar to $500m after last year's 83m customer data leak.

By Jimmy Nicholls

JPMorgan Chase will double its cybersecurity spending in the next year as it seeks to bolster its defences following a cyberattack last year that leaked the data of some 83 million customers.

The banking services firm expects to spend $500m (£320m) throughout this year, up from $250m during 2014, with the move revealed in a filing to the US Securities and Exchange Commission.

"Cybersecurity attacks, like the one experienced by the firm, highlight the need for continued and increased cooperation among businesses and the government," JPMorgan said in the document.

Previously chief executive Jamie Dimon had said the bank would double cybersecurity spending over five years, but the process appears to have been accelerated.

Andrew Taylor, chief executive of the security vendor Bronzeye, which has specialised in bank cybersecurity, said: "They already spend quite a lot anyway, the issue is with what to spend it on. If you keep doing the same thing in the same way you’re going to get the same problem."

He added that hackers are now creating malware that does not leave any trace on the system, and can also reside in places where it is hard to spot.

However he said that there should be a greater focus on the people in the company, which by his estimate account for 70-80% of their cybersecurity problems, rather than merely the technology.

Content from our partners
Technology and innovation can drive post-pandemic recovery for logistics sector
How to engage in SAP monitoring effectively in an era of volatility
How to turn the evidence hackers leave behind against them

"I do feel sorry for them because they have a horrendously difficult job," he said. "They’re spending a lot of money on it and every time they turn round a hacker’s got another zero-day [unpatched flaw]."

But he added that there is a lot of "negligence" and "stupid behaviour" in the cybersecurity industry’s approach to banking, and condemned a generally "ossified approach".

Bob Tarzey, service director at the research firm Quocirca, said: "I think we see in our research there’s a move from companies that have assessed the risk they face and invested in their security.

"Clearly JPMorgan was a laggard and realised it needs to make up the pace pretty fast if it’s going to avid the reputational damage that comes with breaches."

The attack on JPMorgan was revealed last October, and this July led to the charging of five men in connection with the attack, of which four have been arrested.

Only this week the company was named the world’s most systemically important bank by the Office of Financial Research, an American regulator.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.