We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Treasury and Payments

Improve your working capital, reduce fraud and minimize the impact of unexpected disruptions with our treasury solutions—from digital portals to integrated payables and receivables—all designed to make your operations smoother and more efficient.

Learn more about our treasury solutions:

Credit and Financing

Prepare for future growth with customized loan services, succession planning and capital for business equipment or technology.

Learn more about our credit and financing solutions:

Commercial Real Estate

Get the strategic support to be successful throughout market and real estate cycles with insights, hands-on service, comprehensive financial solutions and unrivaled certainty of execution.

Learn more about our commercial real estate solutions:

International Banking

Global opportunities mean global challenges. But real success means understanding the local markets you serve—which is why we bring the business solutions, insights and market perspective you need. 

Learn more about our international banking solutions:

Cybersecurity and Fraud Protection

Evolving With the Emerging Tech and Cybersecurity Landscapes

Lori Beer, JPMorgan Chase’s Global Chief Information Officer (CIO), discusses technology startups, machine learning and the firm’s cybersecurity countermeasures.


This article was originally published in Commercial Banking’s magazine, Cybersecurity: Technology and Tactics.

As Global CIO, Lori Beer is responsible for JPMorgan Chase’s technology systems and infrastructure worldwide. She manages a budget of more than $11 billion and a staff of over 50,000 technologists supporting the firm’s retail, wholesale, and asset and wealth management businesses.

Q: As you think about the evolution of cybersecurity, how has JPMorgan Chase developed and what is our cybersecurity strategy?

A: As our clients’ needs evolve, we’re focused on delivering market-leading technology at speed. Cybersecurity plays a critical role in that technology strategy, because cyberattacks get more sophisticated every day. Criminals are targeting high- and low-value payment channels (e.g., SWIFT and direct file transmission systems), as well as other financial products. To combat these attacks, we continue to make substantial cybersecurity investments in areas such as detection and identification and mitigation of threats, and we use multiple layers of defense.

We collaborate and partner with other financial services firms, emerging technology companies, government regulators and agencies. Our work together is critical to protecting our clients and advancing our cybersecurity capabilities. Our Global Chief Information Security Officer serves as the chair of the Financial Services Information Sharing and Analysis Center (FS-ISAC), while our Consumer & Community Banking’s CIO is the chair of the board for the Financial Systemic Analysis & Resilience Center (FSARC).

Q: As the firm’s CIO, you’ve discussed the firm's support of technology startups. How does that figure in your overall approach to cybersecurity?

A: We are very focused on working with the emerging tech and fintech ecosystems so that we stay close to the leading edge of innovation. Startups are generally first to market with new solutions in this space. Across the firm, we test over 100 new solutions every year and typically move forward with more than half of them.

While our appetite for working with emerging tech is high, we maintain a very high bar of cybersecurity and controls requirements for all of our third-party suppliers. To do business with us, any new company we engage must demonstrate that they can meet our control requirements. Currently, our focus is on browser isolation, data protection, malware analysis and digital identity and authentication solutions.

Q: What role does machine learning play in your cybersecurity strategy?

A: For us, the potential in machine learning is to identify suspicious client account activity, identify vulnerabilities, and predict and defend against cyberattacks. It can help humans discern between benign “incidents,” such as a client mistyping a password, and actual cyberattacks. But it can also be used by cybercriminals against the firm. We see machine learning as an opportunity to augment our current controls mechanisms.

Q: You mentioned the sophisticated evolution of the threat landscape. What are JPMorgan Chase's countermeasures?

A: We maintain a relentless focus on protecting the firm and its clients, so cybersecurity is always a priority. Successfully maintaining our program involves creating innovative cybersecurity approaches, developing strong threat intelligence, strict risk management, operational integrity and a security-first culture. Across the firm, we enforce comprehensive controls for every line of business at every level.

Detection is a tactical area of focus for us. We invest in leading fraud-detection capabilities. New threats appear every day, and we fight them by quickly detecting, identifying and mitigating them.

We maintain significant investment in our cybersecurity defenses, and focus our cybersecurity strategy on securing our technology platforms, applications and services. We have also developed an extensive client education program that includes webinar training, one-on-one meetings, seminars, calling campaigns, and cybersecurity awareness and fraud-prevention materials. And because employees are our first line of defense, we provide them with a robust cybersecurity education and awareness program.

Q: What can other companies do to help protect themselves?

A: If you’re a smaller company, developing a cybersecurity program can seem overwhelming. But it’s very important to take the first step, launch a program and keep moving it forward. The firm offers a variety of educational services—whether it’s for our online platforms, such as J.P. Morgan Access® or Chase Connect®, or through individual client meetings or industry conferences.

Education is the key, so at the very least you need to require employee training and implement cyber drills and tabletop exercises to evaluate next steps.


Get in Touch and Stay Informed

icon
Loading...