Leverage MITRE Frameworks for Effective Cyber Investment

Cyber defense strategies in 2025 will lean more heavily on open-source frameworks, such as MITRE ATT&CK and MITRE OCCULT, as financial institutions align risk with their investment priorities. Cybersecurity oversight and enforcement will grow increasingly lax as regulatory influence surrounding operational resiliency continues to wane. The onus now falls on the financial services industry to self-govern and for cybersecurity leaders to align their teams and investments to ensure cyber best practices. 

This Javelin Strategy & Research report examines how and why regulation has receded from cybersecurity, and how organizations will seek to fill the gaps with these knowledge bases. It also looks abroad at cyber regulations in the European Union and how those will affect buying decisions by financial institutions in the United States. 

Key questions discussed in this report:

• How will MITRE ATT&CK and OCCULT frameworks play more pivotal roles in cyber strategy and investment in 2025?
• What influence will new cyber regulation from the European Union have on cyber buying decisions over the next 36 months at U.S. financial institutions?
• How will the private sector fill the regulatory gaps for cyber and operational resiliency at the grassroots level?

Companies Mentioned:

Bank of America, Consumer Financial Protection Bureau, Digital Operational Resilience Act, Federal Financial Institutions Examination Council, Financial Crimes Enforcement Network, MITRE, National Institute of Standards and Technology (NIST), PCI Data Security Standards Council