Banks with IT-savvy board are hit less by cyberattacks and downtime
Banks with more IT experts on their board experience significantly less cyberattacks and critical IT downtime, a European Central Bank (ECB) report shows.
Major financial institutions have long struggled to negotiate the risk relationship between cybersecurity and financial planning. Chief information security officers (CISOs) often find it hard to communicate cyber risks in forms which banks’ boards can understand.
IT outsourcing expenditure increased by 10% in 2018 compared to 2017
Which is why copious data – including ECB’s latest report – points to banks needing to appoint IT experts to their boards.
This become ever more important as the number of reported cyber incidents continues to increase year on year, says the ECB.
The central bank dubs those banks which prioritise cybersecurity from the board down as houses of more IT innovation and better IT risk monitoring.
Cyberattacks
The report found that banks with two or less IT-savvy board members experienced the highest number of cyberattacks across 2018.
The highest bracket of successful attacks – which ranged between 50 and 90 – happened solely to firms with two or less IT experts on their board.
Banks with three or more IT experts on their board all experienced 15 or less successful cyberattacks over 2018. That’s a significant way from the heady heights of 90. 
Downtime
A similar pattern can be seen for bank’s downtime. Banks with two or less IT-savvy board members experienced an average of three hours critical downtime in 2018.
But those banks with three or more IT experts on their board only experienced an average 1.5 hours of downtime the same year. A whole 50% less.
The most downtime a more IT-led bank had over 2018 was 6.5 hours. Whereas the most downtime a less IT-focused bank experienced was a staggering 22 hours. That’s nearly four times the number of hours.
Data quality
The ECB highlights “data quality management” – alongside IT risk management – as a major area lacking adequate risk controls in many banks.
“This is despite the experience of the global financial crisis,” says the ECB. “Which showed that many institutions lacked the ability to correctly aggregate risk exposures and to identify concentration risks quickly and accurately.”
The global data quality tools market stood at $505.65 million in 2016, according to Zion Market Research.
But by 2022, this market is predicted to grow to $1.283 billion. This signals a burgeoning need for solutions which manage data-based products and services in both finance and other industries.
The ECB also found “a number of cases” where data was “wrongly submitted to supervisors” in banks during 2018. 
Outsourcing
IT outsourcing expenditure increased by 10% in 2018 compared to 2017. Cloud outsourcing is “becoming noteworthy”, the ECB says. Around 3% of all IT outsourcing expenditure is spent on the cloud, according to the report.
Zooming out, the ECB reveals that IT expenses accounted for around 21% of total annual expenditure in banks.
The central bank thinks this is “relatively stable” when compared to the 20% reported in 2017.
The most a bank spent on its IT infrastructure was 41% of its expenditure. The least a bank spent on this was 7% of its outflow.
But despite the increase in IT spending, there were still “a significant number of institutions” relying on end-of-life (EOL) systems for their critical processes in 2018.
Read next: EPA critiques FCA approach to Wirecard suspension
