In an age of technological advancement, banks are striving to keep up with the risks that are inherent to innovation. For consumers, it raises important questions of how financial institutions are fighting these risks.

A recent survey by Deloitte Insights on cybersecurity maturity at financial institutions illustrates exactly what the issues surrounding cybersecurity are. According to the survey, of the respondents from financial institutions, just 6% to 14% of their IT budget was spent on cybersecurity, which amounts to a mere 0.2% to 0.9% of revenue. The average is even lower for large financial institutions, which spend an average of 9% of their IT budget on dealing with cybersecurity.

Given the significance of customer satisfaction to the success of a business, the only slight increase in customer satisfaction with retail banks and the potential dissatisfaction of customers that might emerge from unmanaged cybersecurity risks, financial institutions have much to do in the way of improvement.

This indicates that most financial companies are not adopting what the Deloitte report calls an “adaptively mature” cybersecurity measure. Rather, they are instead settling for either “partial,” informed or “repetitive” cybersecurity measures.

What this means is, on average, 90% of financial institutions are not “adapting cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities.”

The cyber-security model that most financial institutions need to adopt in order to keep up with the looming threat of cyber-attacks is called the “adaptive model.” This is a model of cybersecurity that is the most capable of securing executive leadership interest in all facets of cybersecurity, securing board involvement, moving cybersecurity beyond IT departments and aligning cyber risk strategies more closely with business strategies. Only 17 out of 72 respondents to the Deloitte report were considered “adaptive.”

“No matter how an institution stacks up against its competitors or how those comparisons are made, cybersecurity will remain a work in progress for all financial organizations. Indeed, regardless of who is ultimately in charge and how governance is structured, cybersecurity awareness, responsibility and accountability should be part of every department within every financial services firm.”

With higher customer expectations not being met and increasing risk, it is clear that the adaptive model will be crucial for financial intuition survival, big or small, in the coming years.