The Cybersecurity Maturation Mandate

Across 1 sector, 2 filers are signaling rising cost pressure. First observed in 2025Q4; no trajectory yet. Mixed: strategic (60%), risk (20%), cost (20%). Present-tense — companies describing what is happening now. One disclosure notes "spent and expect to continue to spend significant resources to modify and enhance our protective measures." Too early to confirm a trajectory.

Large financial institutions are systematically upgrading their cybersecurity posture by investing in both technical infrastructure and employee awareness training, driven by evolving threat landscapes and regulatory expectations.

DISTINCT NEW FILERS PER QUARTER

NEW FILERS THIS QUARTER

— QoQ

SPREADING ACROSS

1 industry

Financials

FIRST SURFACED

2024Q1

of recorded history

✦ WHAT THE DIFF CAUGHT

Language shifts from describing cybersecurity governance as a static risk control to framing it as a continuous, resource-intensive capability-building effort requiring both technical and human-centered investment.

REPRESENTATIVE SIGNAL FROM FILINGS

“spent and expect to continue to spend significant resources to modify and enhance our protective measures”

The company has spent and expects to continue spending significant resources on protective measures and incident response capabilities.

—BANK OF AMERICA CORP /DE/$BACSEC.GOV ↗10-K Item 7 · filed 2026-02-25

“emphasized phishing and cybersecurity training for our employees and allocated additional resources”

The company has increased investment in employee cybersecurity training and business continuity resources in response to emerging threats.

—GOLDMAN SACHS GROUP INC$GSSEC.GOV ↗10-K Item 7 · filed 2026-02-25

DRIVERS

+ FINANCIALS