News Analysis: What 'State of the Industry' Means to Banking/Security Leaders
The follow-up question is: Exactly how badly are they hurting, and how will their pain trickle down to impact information security programs and priorities?
By the FDIC's estimate, 90 of its institutions are currently on the so-called "Problem Bank List," up from 77 at the end of last year. These are institutions that theoretically could fail, but which more likely will be bailed out to weather the economic storm.
But just because the institutions survive doesn't mean they'll thrive anytime soon, and that reality impacts security programs in several ways:
Resources will remain tight - indicators are that no one is likely to get any additional headcount or discretionary spending budgets, and there is going to be extra scrutiny on dollars spent and projects pursued. This condition suggests a couple of points to consider:
Outsourcing will flourish - in tough times, businesses focus more on their core competencies, and outsource non-essential tasks and services. This means more reliance on third-party service providers - but at a time when regulators are already pressuring institutions to manage those vendor relationships with greater due diligence and accountability than ever before. Dollars saved on services might be channeled directly into managing and measuring vendor relationships.
The Big Will Get Bigger - in terms of mergers & acquisitions, this is a great time to be an acquiring bank. There are plenty of struggling institutions ripe for the picking. But whether an acquirer or an acquiree, one must be mindful of the role information security and regulatory compliance must play in M&A activity. Customer trust is the critical success factor for any banking institution, and it's at risk today from the security threats that plague banks. Security can't just be part of the discussion in an M&A; it has to start the conversation.
Compliance Feels no Downturn - no matter how many institutions are on the "Problem Bank List," the Identity Theft Red Flags Rule compliance deadline is still Nov. 1. This is the ultimate reality facing banking/security leaders: No matter how harsh the lending crisis or how rocky the economy, identity theft, business continuity and vendor management are still regulatory compliance mandates that won't go away, or for which institutions will be given an extension or a break.
And, really, isn't that the bottom line? It doesn't matter what the regulators say the "State of the Banking Industry" is, or whether your institutions are in or out of the proverbial woods. Compliance is the mandatory destination-- it's up to you to figure out how best to get there.
What are your thoughts on the State of the Banking Industry -- and how it impacts your institution? Take time to share your comments in the box below.