BB&T CEO on Making Security a PriorityKelly King Urges Executives to Get Better Informed
Kelly King, CEO, president and chairman of BB&T, one of the nation's largest banks, urges other CEOs to ensure that their executive teams and boards are well-informed about cyber-risks.
"The most important advice I could give to any CEO in any industry is to make sure that they and their executive team, and their board, are aware of their risk," King says in an exclusive interview with Information Security Media Group. "If you don't know the risk, you can't develop a strategy to mitigate the risk. And in dealing with cybersecurity, information is critical and timing is everything."
King, a leader in supporting cyberthreat intelligence sharing among U.S. banking institutions, says cyber-attacks are the banking industry's No. 1 risk. "You can't erase the risk, but you can mitigate it," he says. "And you must spend the money to do this."
Budgeting for Defense
BB&T, which has $186.8 billion in assets, has seen its cybersecurity budget double in the last two to three years, King says. "It's growing on an annualized basis at a very strong, double-digit pace; and, frankly, I expect that will continue for as far as I can see."
Budgeting for defenses aimed at mitigating the impact of cyber-attacks is every CEO's obligation, King says. As the level and sophistication of attacks has escalated, so, too, has the need for CEOs to step up and take responsibility, King contends.
"I hope that we reach some type of tipping point, where we can scale back on these investments," King says. "But today, I say we're a long way from that. ... We have to continue to make substantial investments in this area. We have done it; we will continue to do it. And I would strongly recommend everybody to spend a lot more than you think you can afford. Because the cost of not doing it is unacceptable."
During this interview, King also discusses:
- Why BB&T is a strong advocate of simulated cyber-attack exercises;
- How the Financial Services Information Sharing and Analysis Center has improved cross-industry threat-intelligence sharing; and
- Why all banking leaders are responsible for ensuring they are cooperating with other industry players to reduce cyber-risks.
King, who ISMG in January 2015 named one the financial industry's most influential people, has served as chairman of BB&T since January 2010, and has been president and CEO since January 2009. Before taking the helm, he served as chief operating officer from July 2004 until December 2008. He has been a member of the bank's executive management team since 1983. Over the past 42 years, he has assumed leadership roles in commercial and retail banking, operations, insurance, corporate financial services, investment services and capital markets. He served on the board of the Federal Reserve Bank of Richmond from 2009 to 2012, and he served as chairman of the North Carolina Bankers Association Board, along with many other state-based groups.