Financial institutions prioritize investment in cybersecurity technology but no matter how much they spend for protection, their systems and data remain vulnerable.
“You could never say any organization is 100% secure and they’ll never be hacked,” Ray Kelly, fellow at cybersecurity company Synopsys Software Integrity Group, told Bank Automation News, noting that even the U.S. government gets hacked.

FIs can be responsible for data and application on-premise, but that’s an added cost, Kelly said. This is where third-party vendors come in, presenting additional risk.
“It’s hard to really protect yourself when you rely on third parties,” Kelly said. “They are always under attack because hackers see a pot of gold [consumer data].”
This week, Infosys McCamish Systems (IMS), data service provider for Bank of America, reported it was hacked in October, leading to a data breach at the $2.4 trillion bank, according to IMS’ Feb. 1 filing to the Office of the Maine Attorney General notifying the state of the breach.
Sensitive information, including Social Security numbers and the addresses of 57,000 Bank of America clients in Maine and Texas were leaked, according to the filing.
The breach happened when hacker group LockBit released its malware into IMS and locked the service provider out, asking for ransomware, Syed Amoz, co-founder and chief technology officer of risk management company Falcon Wise Technology, told BAN.
“Ransomware can be transferred with emails … or SMS with a phishing link that can lead to ransomware,” Amoz said.
Cybersecurity spend
Bank of America fell victim to the hack, despite its hefty cybersecurity budget.
The bank spends $10 billion on technology annually, including the cost of information security technology, Amanda Sorensen, senior vice president of the Business Information Security Office, previously told Bank Automation News.
The bank also invests in its innovation for information security, according to its September release on granted patents. Out of 313 patents granted in the first half of 2023, 87 were for information security.
Even with efforts in place to counteract attacks, there is always a level of vulnerability that puts banks at risk when they bring in a third party — even with in-depth security audits, Amoz said.
Bank of America declined Bank Automation News’ request for comment.
Get ready for Bank Automation Summit U.S. 2024 in Nashville, Tenn., on March 18-19! Discover the latest advancements in AI and automation in banking. Register now.






