This has been a "good news-bad news" summer for bank technology executives, especially those responsible for security and business continuity (which today probably means almost every bank technology executive). The good news is that security has become a top priority, and, no doubt, it has become easier than ever before to make a business case for investing in security-related technology initiatives. Unfortunately, the bad news is that security has become a top priority, and it has become easier than ever to make a business case for investing in security-related technology initiatives.
see related articles:
The reality must have hit home in a big way with last month's revelations about possible planned terrorist attacks on some of the nation's most prominent financial institutions, including Citibank, The New York Stock Exchange and Prudential Financial. Regardless of how current or "actionable" the information in the reports was, it could not be ignored. Again, good news, bad news - the bad news being that the war on terrorism has not eliminated such threats. The good news was, of course, that the threats have not become reality, and also that most banks have been preparing for them pretty much continuously since 9/11.
Only time will tell whether those preparations have been focused on the right kinds of threats and vulnerabilities, and the official report released last month by the 9/11 Commission illustrates how difficult it is for complex institutions to match intention with action. Within banking, there has been a long struggle against cultures and mind-sets that resist change, cooperation and new perspectives. It was both strangely familiar and unexpectedly disturbing to read about the same kind of struggle occurring within our government, defense and security-related institutions. Here, the "good" news is that banks have no monopoly on turf battles, bureaucracy and lack of vision, but I almost don't even want to think about the bad news.
It's a classic scenario that bankers know only too well: It doesn't matter if you have the biggest budget or the best systems and tools if your organization's goals are unrealistic and poorly defined and communicated, and if the organization at all levels is not aligned with the strategies for achieving those goals.