The Agency Insider with Linda McGlasson

A Breach to Remember - What Banks Have in Common with Titanic

Just the other night, I was watching the 1958 classic movie about the sinking of the Titanic. You know, the one that told the straight story before Leonardo DiCaprio and Kate Winslet's steamy romantic version? "A Night to Remember" starred Kenneth More and Honor Blackman, and its documentary-style cinematography might not have won 11 Oscars, but it showed what happened that fateful night in April 1912.

At the end of the film, it was revealed that the shipping line had put only enough lifeboats on the ship to meet the minimum regulations required by English maritime law. There were only 20 lifeboats, which would hold 1,178 people. In fact, the Titanic actually exceeded the minimum of 16 boats required at the time for British ships over 10,000 tons. But because the White Star Line didn't want to clutter the decks with more lifeboats, 1,522 people perished that night.

As I sat there watching the credits roll, I thought, "How many financial institutions out there only do the 'minimum required' to meet regulatory requirements?"

You're reading this and thinking you're not included in the minimum group. If this is the case -- good for you. But when speaking with various members in the information security community, I'm hearing there are apparently more Titanic ocean liners afloat amidst packs of icebergs in the financial services industry than we'd like to imagine.

This isn't just about information security, but about the overall risk at a banking institution. Next time you're thinking, "How can I get around not doing [fill in the blank] to meet my examination requirements?" think of the Titanic. When it comes to vendor management, business continuity, red flags - whatever -- don't just do what some call "check box compliance"; do more than what's required.

The original plans for the Titanic called for 64 lifeboats, but White Star management reduced that number, thinking it was an added cost because the ship was touted as "unsinkable." What level of hubris does your institution's management hold when it comes to risk management plans? Do they think they should be reduced to meet only what the regulations call for?

Even if you think your institution is unsinkable, insist on the right number of lifeboats.

About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.
