Hundreds of U.S. financial companies are ramping up spending to combat hackers following attacks this summer on J.P. Morgan Chase & Co. and at least a dozen other firms. Financial-services companies plan to bolster their cybersecurity budgets by about $2 billion over the next two years, according to a new report by PricewaterhouseCoopers. Spending this year on protecting networks and other cybersecurity efforts will total $4.1 billion, according to PwC’s survey of banks, insurers, money managers and other companies.
The spending increases represent accelerated efforts to keep hackers out and a realization that previous efforts haven’t been sufficient. The increased spending may be a boon for consulting firms and security experts that have increasingly been focused on building up banks’ defenses to cybercrime. The firms include PwC, Deloitte and International Business Machines Corp. as well as smaller specialists like FireEye Inc., Palo Alto Networks Inc. and Trend Micro Inc. Joe Nocera, a technology consulting partner at PwC, said the spending at the 758 companies would likely rise 10% to 20% annually in coming years, leading to $1.3 billion to $2.6 billion in additional spending by 2016.
While Internet breaches have hit everyone from big-box retailers to the U.S. Postal Service, banks and investment firms are in the spotlight because they have been attacked frequently and handle reams of sensitive client data, including millions of checking and savings accounts. Banks’ response has been to spend more. Citigroup Inc.’s annual cybersecurity budget has risen in recent years to more than $300 million. A recent Wells Fargo & Co. report predicted all companies will accelerate their cybersecurity spending by a “low- to mid-teens” percentage over the next two years, compared with an earlier industry estimate by Gartner Inc. of an 8% increase. For its own operations, Wells Fargo spends roughly $250 million a year on cybersecurity and has increased staffing in the area by 50%. The money spent by banks goes to a range of places, from higher salaries for cybersecurity executives to more consultants and programs that are more resistant to hackers. Firms are also spending money to minimize the damage of hacks when they do happen.
Few incidents have garnered the attention of the J.P. Morgan breach earlier this year, which compromised contact information for 76 million households that have been customers of the bank. Less than two months after the problem was disclosed, Chief Executive James Dimon said cybersecurity spending could double over the next five years from $250 million in 2014.
Overall, the number of financial firms reporting losses of more than $10 million from cybersecurity incidents increased more than 140% from a year ago, according to the PwC report. Financial-services companies accounted for 34% of all breaches in 2013, almost three times the percentage of the public sector, which garnered the next highest reading, according to the Verizon 2014 Data Breach Investigation report.