JPMorganChase is billing its $1.5 trillion Security and Resiliency Initiative as crucial to the nation’s economic security and resiliency. 

Under the 10-year plan, the financial firm will make direct equity and venture capital investments in select companies in key industries, a $1.5 trillion, 10-year plan to facilitate, finance and invest in industries critical to spur growth, innovation and strategic manufacturing.   

“It has become painfully clear that the United States has allowed itself to become too reliant on unreliable sources of critical minerals, products and manufacturing – all of which are essential for our national security,” JPMorganChase Chairman and CEO Jamie Dimon said in announcing the initiative. “Our security is predicated on the strength and resiliency of America’s economy. America needs more speed and investment. It also needs to remove obstacles that stand in the way: Excessive regulations, bureaucratic delay, partisan gridlock and an education system not aligned to the skills we need.” 

The company said it was focusing on four key areas: 

• Supply Chain and Advanced Manufacturing, which includes critical minerals, pharmaceutical precursors and robotics. 

• Defense and Aerospace, encompassing defense technology, autonomous systems, drones, next-gen connectivity and secure communications 

• Energy Independence and Resilience, covering battery storage, grid resilience and distributed energy 

• Frontier and Strategic Technologies, focusing on AI, cybersecurity and quantum computing  

The promise of investment — particularly in AI, cybersecurity and quantum comes at a crucial time.  

“Organizations are facing increasingly sophisticated cybersecurity attacks that are being driven by the growth of AI,” said Seth Spergel, managing partner at Merlin Ventures.  

“While AI is powering a whole new generation of defensive tools, it also makes the types of attacks that were once the domain of only very experienced threat actors much more accessible,” Spergel says. “As a result, organizations around the world are seeing both nation-states and criminals probe their defenses at a significantly higher volume than years past,” amplified by geopolitical tensions, creating “an obvious driver for continued, substantial investment in the cybersecurity market.”  

As budgets tighten, AI is continuing to play an important role in security, with companies handing over routine security tasks to AI-powered security tools. While AI systems won’t replace security professionals, they can give “overwhelmed teams the additional resources they desperately need to stay on top of threats,” said Matt Lee, security and compliance senior director at Pax8.  

The key, Lee says, “is continued investment, and working with technology partners who understand how to weave AI capabilities into your existing security stack without creating more headaches.” 

The organizations that get the balance of human insight and AI muscle right, he says, “are managing to keep their security posture strong even when their budgets and investments can’t necessarily keep up with the growing threat landscape.” 

Organizations should be making investments in both zero-trust and microsegmentation. “In a world where increased cybersecurity tool investment is not reducing the number of cyberattacks, zero-trust approaches help enterprises use investments to augment foundational cyber defense with robust operational procedures,” says Agnidipta Sarkar, chief evangelist at ColorTokens. 

“In my view, any board who are mature enough to realize that breaches are inevitable should demand the organization leadership to present to them with two simple parameters… the investment in cyber resilience necessary to build foundational breach readiness to continuously reduce the exposure to material impact to levels acceptable for the pursuit of business objectives…and “the amount of investment necessary to continuously increase the amount of “unaffected” digital business, as cyberattacks happen,” he says.  

“Once boards and governing bodies are focused upon these two issues, hindrances will dissolve,” Sarkar contends. 

Quantum, too, could benefit from a healthy boost in investment. Because quantum computers eventually will be able to break modern cyptography, Adam Everspaugh, cryptography expert, Keeper Security, says ‘the cybersecurity industry needs to work together to design and integrate new cryptographic standards.” That might take a year or more, he says, “which is why attention and significant investment must happen now, and not when it’s already a critical problem.”  

But investment needs to extend beyond discrete aspects of security to address entire ecosystems.  

“It’s time for a paradigm shift in thinking about third-party risk management, checklists, posture assessments and compliance reports for managing the risks of the early 2000s,” says Dave Tyson, partner, intelligence operations, at iCounter.  

With AI reducing the speed to attack from months to days, organizations “must treat [their] entire ecosystem as part of [their] attack surface,” he contends. “That means the fundamentals of attack surface management apply wherever there is an attack vector with the third parties you are connected to.” 

Organizations need to “go beyond traditional campaign thinking of attacker breaches,” he says, to understand how they connect to third parties, the data of theirs that those third parties have, and “how your organizations are connected” to be able to actively build a defended ecosystem. “This is where organizations need to be making their investments in the months and years ahead,” Tyson says.