News Analysis: What 'State of the Industry' Means to Banking/Security Leaders

News Analysis: What 'State of the Industry' Means to Banking/Security Leaders
The clear message from banking regulators in their Senate testimony is: Banks are hurting.

The follow-up question is: Exactly how badly are they hurting, and how will their pain trickle down to impact information security programs and priorities?

By the FDIC's estimate, 90 of its institutions are currently on the so-called "Problem Bank List," up from 77 at the end of last year. These are institutions that theoretically could fail, but which more likely will be bailed out to weather the economic storm.

But just because the institutions survive doesn't mean they'll thrive anytime soon, and that reality impacts security programs in several ways:

Resources will remain tight - indicators are that no one is likely to get any additional headcount or discretionary spending budgets, and there is going to be extra scrutiny on dollars spent and projects pursued. This condition suggests a couple of points to consider:

Security leaders are going to have to make a stronger business case in favor of their key projects. Security for security's sake won't cut it; the projects that get funded will be the ones that are defined in the greater context of the institution's business.
Security leaders also may have to think differently about how they manage risk. What are the strongest, most immediate threats to your institution and customer trust (identity theft, phishing) vs. those that might feel a little more distant (i.e. pandemic). Not quite life/death, but security leaders are going to be forced to make some tough decisions between the risks they mitigate and those they put on hold.

Outsourcing will flourish - in tough times, businesses focus more on their core competencies, and outsource non-essential tasks and services. This means more reliance on third-party service providers - but at a time when regulators are already pressuring institutions to manage those vendor relationships with greater due diligence and accountability than ever before. Dollars saved on services might be channeled directly into managing and measuring vendor relationships.

The Big Will Get Bigger - in terms of mergers & acquisitions, this is a great time to be an acquiring bank. There are plenty of struggling institutions ripe for the picking. But whether an acquirer or an acquiree, one must be mindful of the role information security and regulatory compliance must play in M&A activity. Customer trust is the critical success factor for any banking institution, and it's at risk today from the security threats that plague banks. Security can't just be part of the discussion in an M&A; it has to start the conversation.

Compliance Feels no Downturn - no matter how many institutions are on the "Problem Bank List," the Identity Theft Red Flags Rule compliance deadline is still Nov. 1. This is the ultimate reality facing banking/security leaders: No matter how harsh the lending crisis or how rocky the economy, identity theft, business continuity and vendor management are still regulatory compliance mandates that won't go away, or for which institutions will be given an extension or a break.

And, really, isn't that the bottom line? It doesn't matter what the regulators say the "State of the Banking Industry" is, or whether your institutions are in or out of the proverbial woods. Compliance is the mandatory destination-- it's up to you to figure out how best to get there.

What are your thoughts on the State of the Banking Industry -- and how it impacts your institution? Take time to share your comments in the box below.

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.