2024 Cybersecurity Benchmarking Survey

The online survey was conducted between January and February 2024. This year's survey covered a wide range of topics and involved the participation of compliance professionals at 308 financial services firms of various sizes. 

Notable findings include:

• Regulatory preparedness and concerns: 44% of respondents surveyed said they are uncertain about how the SEC will enforce the rules, while 36% of compliance professionals cited concerns with complying with cyber incident reporting requirements and timeframes.  
• AI risk management: While 38% of respondents have yet to identify AI as a cybersecurity risk, and 27% don’t consider AI relevant to cybersecurity, nearly half (49%) said they are in the early stages of exploring AI as a tool for cybersecurity risk management.
• Cybersecurity threats: Respondents cited the following as the top three cyber threats they are most concerned about: Payment fraud/business email compromise (70%); ransomware (67%); and privacy threats and risk to personal identifiable information (52%). Respondents are least concerned about deepfakes, with just 5% citing them as a concern.
• Cybersecurity preparedness: Approximately 79% of compliance professionals expressed confidence in their firm’s ability to respond to a cyber breach. Only 40% have done an external test of the firms’ response plan.
• Cyber insurance: Approximately 83% are confident in their ability to respond to an unforeseen system outage. Most respondents (85%) who have cyber insurance say it is viewed as a key risk management tool.
• Vendor cybersecurity: Despite clear concerns over how vendor due diligence is performed, more than half (51%) of firms have not renegotiated any vendor contracts with additional cybersecurity provisions in the last 24 months.