Consider All Of The Risks Of Cybersecurity - ThreatAdvice
In today’s world cybersecurity is certainly one of the greatest risks a financial institution, or any business for that matter, faces. If a professional hacker can gain access to the systems of governments and the most sophisticated companies in the world, the odds are pretty good that he or she can gain access to your files as well if he or she is so inclined. One of the things that a financial institution needs to do is make itself a less attractive target than its competitors. One way to do this is to have a more comprehensive array of protections than the next guy.
When a financial institution considers how much effort and money it is going to expend on cybersecurity it should carefully consider the damage it will suffer if there is an intrusion into its systems. Obviously cybersecurity is a safety and soundness risk. It is also a compliance risk. Read the last paragraph of your Regulation P privacy disclosure. In it you are promising your customers that you maintain sophisticated systems in keeping with federal standards to prevent an unwarranted disclosure of your customer information.
In my opinion one of the greatest risks of an intrusion into your systems is to your reputation. If I am your customer and my customer information is illegally obtained by a third party, one of the first things that you have to do is send me a letter outlining that my information has been purloined, how it happened, and the steps that I should take to protect myself from that information being illegally used. This is on top of the fact that you may have to change all of your account numbers, send customers new checks and debit cards and so forth. In addition to the basic embarrassment of what happened, to a greater or lesser degree your customer relationship has been damaged. If I am your customer one of my considerations has to be if you can’t protect my information how can I trust you to protect my money.
When a financial institution considers how much effort and money it is going to expend on cybersecurity it should carefully consider the damage it will suffer if there is an intrusion into its systems. Obviously cybersecurity is a safety and soundness risk. It is also a compliance risk. Read the last paragraph of your Regulation P privacy disclosure. In it you are promising your customers that you maintain sophisticated systems in keeping with federal standards to prevent an unwarranted disclosure of your customer information.
In my opinion one of the greatest risks of an intrusion into your systems is to your reputation. If I am your customer and my customer information is illegally obtained by a third party, one of the first things that you have to do is send me a letter outlining that my information has been purloined, how it happened, and the steps that I should take to protect myself from that information being illegally used. This is on top of the fact that you may have to change all of your account numbers, send customers new checks and debit cards and so forth. In addition to the basic embarrassment of what happened, to a greater or lesser degree your customer relationship has been damaged. If I am your customer one of my considerations has to be if you can’t protect my information how can I trust you to protect my money.
Realistically speaking the damage to your commercial relationships will probably be minimal. First those relationships are probably pretty strong and the customers are sophisticated enough to understand what happened. Consumer customers are a different story. There the relationship is not as strong. The products and services that you provide to your consumer customers is probably little different than what your competitors provide. The only reason that consumers do not change financial institutions more often is the hassle in doing so. Recently I received an offer from a large bank offering me $500 if I would open a checking account with it with a direct deposit and maintain a savings deposit for a relatively short period of time. Moreover the other bank has a branch that is more convenient to me than the branch of my bank that I use. While I am satisfied with my bank and reasonably loyal, I was tempted. Would notice of a security breach tip the scales? I don’t know, but it might.
In any event, every financial institution has limited resources to spend to protect its risk profile. When you are making that allocation make sure that you understand the real magnitude of the damage attendant to each of the risks that you are protecting against and that your resources are allocated appropriately.