$250Million: A World Class CEO needs to spend to protect his Shareholders and Customers from Cyber Security Threats

This is what JP Morgan Chase is spending this year on IT Security in 2014. The 1000 people are the number of IT Security professionals he will need to employ in 2014.

Jamie Dimon, CEO of JP Morgan in his letter to shareholders report highlighting page 22 of his cyber security plan.

This $250 million number is up from $200 million in 2012.

The 1000 people is up from 600 people in 2012. Stunning numbers.


If you also look closely you will see that although it is cloaked in a funny word called “Intelligent Fusion”. Although I have not heard of SEIM being called Intelligent Fusion it is interesting the investment being made to manage all the Security Events across the globe.


If you are a small to medium business you can also accomplish the same thing and as Jaime mentions above coordinate all the security events and it does not have to be an incredibly costly proposition. There are wonderful Big Data Security Event Analytics options to consider that would be great to plug into your operations IT support personnel that can assist in this very very difficult task of event correlation. You can accomplish your own “Intelligent Fusion” as well.

Confidence and Bravery

Information security professionals as a group we need to have more confidence. I was reading a report published from Protivity’s 2014 Cyber Security Report and one of their 8 major findings is that IT professionals lack confidence.

My response to this is that we need to take the lead from Jaime Dimon in his letter to the JP Morgan shareholders.

We can’t afford to play defensively. We need to be relentlessly proactive in our IT Security plans and this starts with our attitude. It is very hard to play back on our heels. Lean into this problem.

  • Govern your data. Get into the weeds and find the data that is going to get you in a lot of hot water with customers, shareholders, and auditors.
  • Be relentless in your pursuit to segment and police this data.
  • Protect and watch your Domain Controllers. In particular watch for elevation of permissions.
  • Finally, stop trying to do this yourself. Engage a good big data security analytics company to assist you.