Financial institutions are spending more on security than they were five years ago. They have more security tools, invest more in training, have more policies in place and report on security more regularly. That sounds positive, but it does not automatically make them more secure. One of the biggest challenges for security leaders is deciding where to focus. New vulnerabilities, threat reports and regulatory requirements appear all the time. With so much competing for attention, it can be difficult to separate genuine priorities from the latest headline.