Where Will the Smart Money Be Going in Bank Cybersecurity in 2025?

Banks are preparing to significantly boost their IT budgets in 2025. How do we know? We asked them directly. In our latest Integris special report, "Understanding US Banks Annual IT Spend in 2025," we surveyed over 1,000 bank executives from US banks with assets ranging from $3 million to $20 billion. The results were clear: banks plan to invest more and invest wisely in their IT over the next year. Here are some key findings:

• No bank reported plans to reduce their IT budget.
• 88% indicated they would boost IT spending by at least 10% in 2025.
• 52% felt the need to increase IT investment despite already heightened spending.
• 86% identified cybersecurity as their top concern and the primary area for budget increases.

As the Director of Security Services at Integris, I am encouraged to see so many financial institutions recognize the importance of cybersecurity investment. I have some predictions about where this increased budget might be directed in 2025. Let's explore where these funds could make the biggest difference in the new year.

Five Key Opportunities for Banks to Strengthen Their Cybersecurity in 2025

Artificial Intelligence (AI) is revolutionizing the business landscape, particularly in cybersecurity. The industry is witnessing a surge in advanced tools that leverage AI to thoroughly analyze incoming threats. Security software is becoming more sophisticated and comprehensive than ever. Here are some ways banks will likely shift their security focus to exploit these new resources.

Opportunity #1—Transitioning from SIEM to XDR for Enhanced Threat Detection

Security Incident and Event Monitoring (SIEM) has long been a staple in the banking industry, quickly spotting anomalies and malware within server logs, network devices, and applications. However, many SIEM solutions are now being integrated into more comprehensive Extended Detection and Response (XDR) systems. XDR expands the scope of security telemetry data to include endpoints, network traffic, and cloud environments. Unlike traditional SIEM systems that rely on predefined rules and signatures, XDR employs advanced analytics and machine learning to detect a wider array of threats, including new and emerging ones.

This shift offers several significant benefits for banks, such as:

• Reduced Alert Fatigue: XDR minimizes the high volume of false positives typically associated with SIEM, providing more accurate and contextualized alerts.
• Comprehensive Visibility: By integrating data from multiple sources, XDR offers a holistic view of potential threats.
• Enhanced Response Capabilities: XDR detects threats and automates and orchestrates responses across various security layers.
• Scalability and Flexibility: Cloud-native and scalable XDR solutions are easier to deploy and manage than traditional SIEM systems.
  
  

Opportunity #2—Upgrading from VPNs to Secure Web Gateways

Virtual Private Networks (VPNs) have been essential for securing employees' network connections, whether in the office or working remotely. However, the rise of Secure Web Gateways (SWGs) has begun to overshadow VPNs. SWGs act as intermediaries between users and the internet, inspecting all web traffic for threats and policy violations. They enforce security policies by blocking or allowing traffic based on predefined rules. They can be deployed as on-premise appliances, cloud-based services, or software applications.

A Secure Web Gateway combines several security features into one powerful tool, including:

• URL Filtering: Blocks access to malicious or inappropriate websites.
• Anti-malware: Prevents the download or execution of malware.
• Data Loss Prevention: Protects sensitive data from being leaked or stolen.
• Content Filtering: Blocks harmful or non-compliant material.

We strongly recommend talking to your MSP to find the right SWG partner and the right application for you.

Opportunity #3—Enhancing Security with Cloud Access Security Brokers

Investing in a Cloud Access Security Broker (CASB) is a smart strategy for clients whose employees frequently use cloud-based applications. Unlike secure web gateways that monitor all internet traffic, a CASB acts as a gatekeeper between users and cloud service providers, ensuring that data protection and security policies are enforced when accessing cloud services.

A CASB offers serious protection for your cloud data, providing detailed insights into cloud usage and identifying potential risks. Regulators also favor CASBs because they help ensure compliance with cloud usage policies. This makes CASBs a valuable investment and a benchmark for cloud security.

Opportunity #4—Implementing Advanced Security Awareness Training Programs

Many community banks and credit unions already provide basic cybersecurity training for their employees. Yet, too many are missing out on more sophisticated training options.

Modern online Security Awareness Training (SAT) programs make it easy to keep employees informed about the latest hacker tactics. These comprehensive, interactive, and monitored programs offer a plug-and-play solution. By subscribing to a training license for each employee, you can deliver short, fun lessons directly to their inboxes each month.

The best SAT programs are scalable and offer features such as:

• Short, Engaging Video Lessons: Quick monthly lessons drive the lesson home.
• Graded Reports: Track employee progress and test scores.
• Completion Certificates: Automatically uploaded to employee HR profiles.
• Automated Reports: Provide proof of best practices to cyber risk insurers and regulators.
• Dynamic Content: Regularly updated training based on current cybersecurity threats and trends.

These scalable and manageable training programs are a wise investment for any financial institution, no matter what your size.

Opportunity #5—Identifying Gaps in Your Cyber Risk Insurance

Cyber risk insurance is a regulatory requirement for banks, and it plays a crucial role in safeguarding against the financial fallout from data breaches. However, many banks overlook the fine print in their policies, leading to significant coverage gaps.

An annual review of your cyber risk insurance with your broker is essential to ensure it aligns with your growing organization's needs. The details are critically important with these policies. Beyond covering basic data breach losses, ask if your policy includes protection in these key areas:

• Third-Party Risks: Coverage for incidents like the CrowdStrike outage, where losses occur due to issues with third-party vendors.
• Regulatory Fines and Penalties: Many policies exclude these, yet they can be substantial in the financial sector.
• Reputational Damage: Protection against business losses and recovery costs following a breach and the subsequent loss of customer trust.
• Advanced Persistent Threats: Coverage for sophisticated, long-term cyberattacks that infiltrate networks over time.
• Policy Exclusions: Be aware of exclusions such as acts of war or terrorism and other limits that could leave your bank vulnerable.
• Incident Response Costs: Ensure coverage for legal fees, public relations efforts, and customer notification expenses, which are often not included.

It is crucial to regularly update your cyber risk insurance to match your institution's growth and security goals. Now is the time to examine your entire cybersecurity strategy and strengthen your defenses.

Want to Find Out More About Where Banks Are Spending Their IT Budgets in 2025?

Download our free report at: https://integrisit.com/resources/us-bank-it-spend-2025-report/

More about our contributing author

Jeremy Pogue has worked in IT for over 12 years and is currently the Director of Security Services for Integris, an IT services company. To learn more about their services visit: https://integrisit.com/