The State of Banking Information Security 2008

New Survey Promises Unique View Into Top Trends, Threats for New Year What is your single greatest security concern?

Are your customers confident that your institution's information security program adequately protects their information?

Which new security services or technologies do you plan on adding in 2008?

Key questions all, and they're just a sampling of the core topics addressed in the inaugural State of Banking Information Security 2008 survey undertaken by Information Security Media Group (ISMG), publishers of BankInfoSecurity.com and CUinfoSecurity.com.

Launched on Mon., Nov. 26, the State of Banking Information Security 2008 promises to be the word on top trends in the U.S. finance industry. It's the first of its kind - a survey that speaks specifically to the information security concerns of executives at U.S. financial institutions of all sizes.

A web-based research study created by ISMG with the counsel of banking and security leaders from across the U.S., the State of Banking Information Security 2008 tackles the vital topics we hear consistently from financial institutions, including:

  • Risk Management Strategy
  • Vendor Management
  • Identity Theft
  • Regulatory Compliance
  • And many other hot-button issues

Survey results will be compiled throughout early December and then presented in a variety of ways across BankInfoSecurity.com and CUinsoSecurity.com, including a live webinar in which survey respondents will be invited to listen to exclusive insight and analysis.

Filling a void at the critical juncture of banking and security, the State of Banking Information Security is intended to be an annual study, giving industry members and analysts insight that they can track and measure over time. Results, when available, will be analyzed and disseminated through a variety of electronic media, including whitepapers, audio interviews and webinars.

The Need

Although there are numerous annual security surveys issued by a variety of trusted sources, none does what the State of Banking Information Security will do - focus solely on the infosec concerns of banking institutions, which face unique pressures from regulatory agencies and customers in a business world that increasingly operates online.

Think of some of the important stories we've covered this year:

  • The TJX breach, in which as many as 96 million consumer credit card accounts might have been compromised;
  • The California wildfires, which forced regional institutions to deploy business continuity/disaster recovery plans on a scale we've not seen since Hurricane Katrina;
  • The ID Theft Red Flag rules, which require a whole new level of regulatory compliance from financial institutions by Nov. 1, 2008.

These stories speak to the threats - criminal and natural - that loom over banking institutions, as well as the increasing regulatory pressures they face to ensure security of the assets they hold. These threats and pressures call for a State of Banking Information Security survey, so that we at once can identify the biggest issues facing banking executives, and then point to the solutions and strategies they'll employ in facing these challenges in 2008.

We envision four groups as primary beneficiaries of the State of Banking Information Security survey:

Banking/security executives - Who can use the results to benchmark their own efforts among comparably-sized institutions, and help improve communication with other business executives, employees and customers.

Banking/security vendors - Who will gain a clearer view of the former group's unique needs, thus improving their ability to create solutions that meet those needs.

Consumers - Who have everything to lose in an insecure world, and everything to gain from learning more about the strategies and solutions that should be employed to protect their financial assets and activities.

Us - As your insights will help us hone the articles, interviews, webinars, training and events we create to meet the unique needs of banks and credit unions. Our audience has always been good about providing reaction to the content we create. Here's an opportunity to provide direction.

The Methodology

The survey was initially drafted by ISMG staffers, then refined through conversations with information security professionals and our own Board of Advisors, which includes representatives from financial institutions of all sizes, from throughout the U.S. These individuals weighed in on broad topics, specific questions and even the wording of prospective answers. Our survey consultants told us the State of Banking Information Security survey would prove invaluable to them and their peers so that they could better:

  • Track top security threats, trends and solutions;
  • Benchmark their own priorities and strategies with peers at like-sized institutions;
  • Communicate better to senior business executives, employees and even customers about the major information security trends and threats facing financial institutions of all sizes.

This survey is being offered to our entire audience of over 50,000+ subscribers, representing all shapes and sizes of U.S. banking institutions. Results will be collected, analyzed and presented in a variety of ways convenient for benchmarking and sharing.

The Topics

When preparing a survey of this magnitude, the question isn't 'What do you put in it,' but rather 'What do you leave out?' We had to make some hard decisions about the topics we tackled, as well as the number of questions we devoted to them.

We started with a focus on the topics we needed to know more about: The CISO role, priorities now vs. 12 months out, the level of confidence you feel your customers have in the security of your institutions.

Then we turned to the topics we hear most about in our conversations with banking executives. Customer education. Vendor Management. Risk Assessment. These are the areas you ask us most about, so we chose to explore them in depth.

Finally, we balanced our survey with questions relevant to the decisions you need to make to secure your institutions over the next year - regulatory compliance, ID theft, emerging technologies and security training.

In the future, no doubt, some of the questions will change - new priorities will arise. But we expect annually to be able to offer you a consistent survey instrument by which you can take the pulse of your field, benchmark with your peers, see the trends at institutions of all sizes and influence the products and solutions provided by your trusted vendors.

Following is an outline of some of the key topics addressed in the survey:

Priorities & Role - A look at titles, reporting structures and priorities. This data gives us the benchmark to know where security decisions are being made - and what level of confidence executives, employees and customers have in them.

Information Security Strategy - Every institution has to have a strategy, but there are differences in how often these plans are updated and tested - not to mention hiring practices. Where do you stack up?

ID Theft - In some ways this topic is like the weather: We're all talking about the threat, but what are we really doing about it? The survey looks at the number of suspected breaches in your systems - and your vendors' - as well as what you're doing to mitigate them in 2008.

Vendor Management - The closer third-party service providers get to your business, the harder you have to work to ensure rock-solid security procedures and communications. Our questions delve into the level of confidence you have in your vendors' procedures, as well as the service level agreements you create to mange third-parties.

Business Continuity, Disaster Recovery - Another perennial topic for discussion. Every institution has a BC/DR plan, but how frequently are they tested? And do these plans also account for business resumption? This is sure to be a hot topic in 2008.

Education & Training - Consistently, we hear that financial institutions cannot do enough to train employees and educate customers on good security practices. Refresher courses and statement stuffers seem to be the norm. Yet, with increased regulatory pressure on institutions to address ID theft, the heat is on to improve employee and customer education. So, how effective are your programs compared to other institutions? The survey is designed to give you this benchmark data.

Take the Survey; Stay Tuned for Results

To participate in the State of Banking Information Security 2008 survey, simply click on this link, register, and begin. The survey will take a minimal amount of time, but promises maximum results as you plan for 2008.

As a participant, you will have earliest access to the survey results as they roll in and are analyzed by our team. You also will be invited to participate in an exclusive State of Banking Information Security 2008 webinar, in which a panel of experts will speak to the impact of the trends we uncover.

If you have questions or comments, please don't hesitate to contact Editor Tom Field at tfield@bankinfosecurity.com.


About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.