Just two years ago, the topic of information security was anathema to some bank executives. Sure, problems existed. But the general attitude was that it wasn't quite a crisis until a problem hit your own bank. Security was a cost center -- it was a necessary evil that hampered the quick rollout of new initiatives. As a result, many banks would implement just enough of a fix to meet the bare minimum for regulatory compliance.
But that attitude has taken a sharp about-face over the past year. Perhaps it was the slew of high-profile data breaches and stories of lost data tapes and pilfered laptops that caused financial institutions to rethink their approaches to security. Now information security is coming out of the IT shop and into the front lines of the business itself at an industrywide level.
Andrea Klein, chief marketing officer (CMO) with San Francisco-based digital credential provider IdenTrust, confirms that there is a new interest in security issues among banks around the globe. "What I think is new is that companies in Europe are reporting security and fraud in bigger numbers than they previously did," Klein relates. "They seemed to think security was a U.S. problem, but Europe is starting to see that it's their problem, too. This is a big change. They're recognizing that this is a global problem and they're paying more attention to it. It's not one bank's problem."
And it's not just the banks themselves that need to be safeguarded from criminals. Their growing partner networks also need to be secured, stresses Jonathan Gossels, president of security consultancy SystemExperts (Sudbury, Mass.). In light of the heightened attention to consumer data privacy, "The focus on their partners by banks today is well-placed," he comments. "You want to see if the mechanisms your partner is using are as strong as those you use. Also, besides those interactions between the customers and the banks, some of these interactions are between the partner and the customers. So banks have to recognize it's a more-complex world."
In the Online Channel We Trust?
In that more-complex world, it's crucial to maintain client confidence at all times, whether those customers are from your bank or from another institution, says John Watkins, director of online services at Charlotte, N.C.-based Wachovia ($706.4 billion in assets). "Of most concern to me is customer confidence," he remarks.
"Data breaches and any type of security concern in the online space affect customer confidence, whether it's your bank or not," Watkins continues. "This creates a problem for the fastest-growing channel -- it's convenient, scalable and lower-cost. We're concerned that customers will lose confidence if we can't provide them with a good feeling that they are safe online. It's about trust."
The Internet channel is largely responsible for banks' renewed focus on security, according to Karl Landert, CIO of private banking and Europe, Middle East, Africa region, for Credit Suisse (Zurich/New York; US$1.17 trillion in total assets). "The greater interest in security at large is due to the technology integration that connects clients to the Internet," he says. "The security and availability of all our Internet offerings are top of mind for me. The biggest risk isn't the loss itself but the [damage to the] bank's reputation. Some of our competitors had to close down their online banking systems for days because of attacks. If you don't keep security threats at bay, they will force a bank to shut down its systems" -- and, ultimately, damage its reputation with consumers, Landert adds.
"The money is a concern, but even more so is the reputational risk," agrees Patrick Giacomini, managing director with PricewaterhouseCoopers Advisory in New York. "This can be very damaging. It hurts your market capitalization and you lose customers because they think you can't keep them safe. It's about trust. That's why banks are spending a lot of effort in this space."
For these reasons, financial services providers are beginning to realize that security is about much more than preventing unauthorized access to their customers' data and funds. Winning the trust of customers, both in the retail and commercial space, is key to beefing up banks' bottom lines, experts agree. And building security into business strategy is one way to foster this new way of thinking at banks, especially as they fight tooth and nail for every account.
"Banks aren't looking at security from a risk-management perspective but from a business-acceleration perspective," says Mark Geffen, director of marketing, consumer solutions group, RSA Security (Bedford, Mass.). "This is a very big change that helps fund more security initiatives because it's not something you have to do, but something that grows the business."
"Security is moving from being an infrastructure tool where it protects the data to something at the intersection between compliance and security," adds Warren Zafrin, national practice leader in financial services information security, BearingPoint (New York). "Over time, security will be a differentiator for banks. It's about trust. People will trust their information and assets with a financial institution that will protect them. So security really goes beyond preventing data breaches to enhancing relationships."
And security is increasingly important to maintaining those relationships. "Data privacy laws are raising awareness among banks and their customers regarding handling of data," states PwC's Giacomini. "So the majority of people expect a bank to be secure."