07:56 AM
Connect Directly

Insurance Industry May Drive Bank Security Policies

Insurers may require banks to counteract higher threat levels with increasingly stringent security standards as part of policy renewals.

Information security has become a red-hot topic in the financial services industry, and not just because of pressure from regulators and customers.

"We're also going to see our friends from the insurance industry come in and require even greater levels of security, in order to get the kind of insurance coverage you want," said Steve Katz, CISSP, president and CEO of Security Risk Solutions, based in Melville, N.Y., and former chief information security officer for J.P. Morgan, Citibank and Merrill Lynch.

It's a simple matter of risk minimization. "In today's world, if you build a factory, and you want to insure the contents of the factory and the building itself, the insurance company says, 'unless you have adequate fire protection technology, we're not going to insure you,'" said Katz.

Similarly, Katz expects insurers to require banks to counteract higher threat levels with increasingly stringent security standards as part of policy renewals. That could drive adoption of, well, whatever technology the insurers deem necessary.

Katz advises startups in the information security field, including San Francisco-based nCircle and Portsmouth, N.H.-based Cogentric. The former provides network exposure management tools, and the latter, security information and risk management tools.

Both solutions help companies to manage their information security programs and policies, which is a departure from past approaches that required internal development and integration. "You bought point solutions, IDS intrusion detection systems, and vulnerability assessment products, but you never really had a way to assess relative exposure or to assess the validity of the intrusions," said Katz. "In many cases it was just a lot of manual number crunching and trying to do the best you could without the tools that the industry badly needed."

"Even in the big institutions, where it was possible to develop in-house security management solutions, the level of results and the amount of work that was involved often didn't give you the information you really wanted," added Katz.

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology Oct. 14, 2014
Bank Systems & Technology's new Must Reads is a compendium of our best recent coverage of customer analytics. Learn what big data means for banks, meet Wells Fargo CDO Charles Thomas, find out how to connect with your Gen Y customers, and more.
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.