It turns that even the largest organizations harbor reservations about the strength of their cyber defense.

“JP Morgan is going to spend a half-billion dollars on security this year, and we still feel challenged,” Andy Cadel, general counsel, IP and data protection for JP Morgan Chase told a crowd of IT professionals assembled at conference earlier this week.

The estimate can be found in the bank’s quarterly statement filed this past August — although it did not disclose the dollar value of its spend, only that the bank expects in each of 2015 and 2016 to double the amount spent on cyber security in 2014. In its 2014 annual report, the company disclosed it spent $250 million to strengthen its cyber capabilities.

The comments came during the conference titled, “Future Ready: The Business of Tomorrow-Today,” and took place at Bloomberg LP headquarters in Manhattan. [Full disclosure: Bloomberg LP owns Bloomberg BNA, the parent company of Big Law Business; and BNA hosted the conference.]

Cadel spoke on a panel about how to prepare cyber defenses, and was joined by Edima Elinewinga, executive director of Information Technology for the United Nations Foundation, John McClurg, vice president, Dell Global Security, Laura Deaner, chief information security officer at PR Newswire, and was moderated by Michael Newborn, vice president and chief security officer, Bloomberg BNA.

Figuring out how to budget IT expenses responsibly, including what can be handled internally and what should be outsourced to vendors, was a recurrent theme throughout the day’s discussions.

Earlier in the conference, David Bray, chief information officer at the Federal Communications Commission, said in 2013 the agency spent 85 percent of its budget on maintaining legacy systems, a sum he was able to reduce to less than 50 percent.

Bray said that savings came from shifting more than 200 legacy systems to a cloud-based IT platform.

Deaner, CIO of PR Newswire, said that just training employees is an important task. For instance, employees that use their own mobile devices and smartphones but configure them with company data often do not realize that the company needs to know if the phone is lost or stolen. “That’s very important,” said Deaner. “They need to realize they need to call the help desk.”

Speaking about lawyers generally, Cadel said the rising importance of adequate cyber security has been challenging for many in his profession who lack familiarity and deep background in the area. “It’s a relatively rare, not a common skill set for lawyers until the past few years,” he said in an interview after the conference.