Banks will continue to increase spending on cybersecurity
[ad_1]
Banks are increasing spending on information security. According to experts, growth in 2023 alone could reach 60%, and in 2024 we could talk about another 20%. Moreover, among the key reasons, experts name not only the intensification of cyber attacks, but also the tightening of regulatory requirements, including taking into account the need to replace products of foreign developers. This year, the last factor will become especially significant, since in 2025 credit institutions will have to report on the implementation of import substitution programs.
Information security (IS) experts interviewed by Kommersant note that banks’ expenses in this area increased significantly in 2023 and will continue to grow in 2024.
Thus, the head of the Kept cybersecurity services group, Ilya Shalenkov, estimates the increase in bank expenses by 10–15%. According to the executive director of the TeDo technological practice, Maxim Ivanov, we are talking about 30–50%. The Jet Infosystems company talks about an increase in the costs of financial organizations on information security by 30–60%. In absolute numbers, for small and medium-sized credit institutions this is tens of millions of rubles, and for large ones – hundreds of millions, says Andrey Fedorets, head of the information security committee of the Association of Russian Banks.
According to Maxim Ivanov, key expense items include the introduction of technical means of information security, which is “especially important in connection with the import substitution strategy,” as well as the purchase of services from MSSP providers (subscription information security services), since some companies “had to quickly strengthen the security of the organization with a lack of own resources.” Particular attention is paid to employee training, adds Ilya Shalenkov.
In the total amount of expenses on information security, on average, technical means of information protection account for 40-60%, and import substitution measures – 10-20%, notes Pavel Kovalenko, director of the anti-fraud center of the Informzashita company. The share of spending on the services of MSSP providers, according to the expert, is about 20–30%, the same share is spent on information security specialists (categories may overlap).
The increase in costs is associated not only with the intensification of attacks (see, for example, page 7), but in many ways also with tightening regulatory requirements, experts note. In accordance with Decree of the President of the Russian Federation No. 250 of May 1, 2022, the largest financial organizations are required to switch to Russian software and hardware. As experts note, these are “highly costly activities, since it is necessary to put into operation complex information systems that replicate the functionality of existing ones.”
Also, the rise in prices of solutions from key software and equipment vendors has a serious impact on the growth of budgets, emphasizes Maxim Chivelev, Deputy Commercial Director of Angara Security. Suppliers develop the functionality of their solutions, and also “replace various borrowed components, attracting the resources of expensive development teams for this,” which affects the cost of the final product, explains Alexander Moiseev, leading information security consultant at Aktiv.Consulting.
The banks themselves refuse to officially discuss information security costs. “Taking into account the general trend, banks’ costs for information security have increased, as new standards have appeared,” confirms the observations of experts, Kommersant’s interlocutor in a large credit institution. For example, Mr. Fedorets adds, in accordance with the Central Bank’s standards for operational risk management, it will be necessary to replace the existing infrastructure protection means with those that have FSB and FSTEC certificates.
This year, experts are sure, banks’ costs for information security will continue to increase. According to the vice-president of the Association of Russian Banks, Alexey Voylukov, we can talk about an increase “within 20%”. Further growth will continue to be associated with import substitution requirements and the need to replace suppliers who have left Russia, says SafeTech CEO Denis Kalemberg. This becomes especially relevant in the context of expiring deadlines, explains Mr. Moiseev, already in 2025, and then in 2030, you will have to report to regulators on the implementation of import substitution programs.
[ad_2]
Source link