JPMorgan Chase Spends Roughly $600 Million Annually on Its Security Efforts, and Employs Around 3,000 People Involved With Cybersecurity
In his annual letter to shareholders, Jamie Dimon, chairman and CEO of JPMorgan Chase, discusses the position and role of the bank in America and the American economy. Against a background of strong performance ($32.5 billion in net income on revenue of $111.5 billion in the last year), he talks about the bank’s principles and strategies, comments on current critical issues, and describes the bank’s public policy.
Within this letter (PDF), he makes several statements on cyber and cybersecurity. He endorses cloud, confirms the growing use and value of artificial intelligence (AI), prefers a federal privacy law, and describes the importance of cybersecurity.
“On the importance of the cloud and artificial intelligence, we are all in,” he says. To some degree, the two are linked. The exponential scalability of the cloud “will be especially relevant as we scale up our artificial intelligence efforts.”
Three advantages offered by the cloud are stressed: scalability, development and security. For development it provides a ‘frictionless’ experience that improves prototyping and increases “the speed of delivering new capabilities to our customers and clients.” On security, he suggests that the cloud can now meet the demands of large enterprises around “security, audit procedures, access to systems, cyber security and business resiliency.”
As a result, JPMorgan Chase will be ‘refactoring’ most of its applications to take full advantage of cloud computing.
Artificial intelligence (AI) and machine learning (ML) “are helping us reduce risk and fraud, upgrade customer service, improve underwriting and enhance marketing across the firm. And this is just the beginning.” The bank has two important AI projects: Algo Central (not mentioned in this letter) and DeepX.
Algo Central is a trading platform. Its algorithms are designed to allow clients to use predictive analytics to tailor orders, and change the speed and execution style while the trade is live.
“DeepX,” explains Dimon, “leverages machine learning to assist our equities algorithms globally to execute transactions across 1,300 stocks a day, and this total is rising as we roll out DeepX to new countries.”
Dimon is equally enthusiastic on the role of ML in fraud prevention and detection. It provides, he says, a better customer experience while improving performance. “We are now able to approve 1 million additional good customers (who would have been declined for potential fraud) and also decline approximately 1 million additional fraudsters (who would have been approved).”
He also expects ML to reduce check fraud and improve Anti-Money Laundering/Bank Secrecy Act protocols and processes. But this is just the beginning. The combination of cloud scalability in storage and computing power, the ability to analyze vast data sets and rapidly change applications means, “we have only begun to take advantage of the opportunities for the company and for our customers.”
Cybersecurity, he says, “may very well be the biggest threat to the U.S. financial system;” but he sees hope in the increasing mobilization of both industry and the federal government to combat the threat. The bank spends around $600 million every year on its security efforts, and employs around 3,000 people involved with cybersecurity.
He makes two points on privacy, always an important subject for banks. He comments on the European approach to privacy, which he says includes the right principles, but is difficult to implement. He believes that the U.S. should have its own privacy laws, but they should be at the national rather than state level. “Different state laws around privacy rules would create a virtually impossible legal, compliance and regulatory-monitoring situation.”
He finishes his comments on cyber with a veiled swipe against social media giants like Facebook and Twitter. “The most crucial privacy issue of all relates to protecting our democracy.” He points out that the First Amendment does not extend to foreign governments, entities or individuals, yet “foreign governments and others are aggressively using social media and other platforms to confuse and distort information.”
He believes that this should not be allowed, and that there are ways to address the issue. “We will be talking more about this issue in the future,” he says.

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
