Since bankers are in the money business, you may find it interesting that researchers at Utah State University found students who completed a basic financial education course were more responsible with their money. After just one course, this group outperformed those who did not take the course by having more self-control and an improved risk tolerance than those who did not take the course. Now you can brag about how much of an impact being a banker can have on improving society as a whole!
As with having financial savvy, understanding more about the world of cybersecurity is also important these days. That said, you may find it interesting that despite cybersecurity's high profile, it has not necessarily translate into dollars dedicated to a corresponding spending increase on information security.
By many accounts, only about 10% or less of a bank's IT budget goes to cybersecurity. IT security professionals face a quandary - how to sell the importance of cybersecurity to what are basically non-technology experts (top executives and directors). Further, how to do so while including a financial, technological, business, and regulatory standpoint.
The financial services industry has long been (relatively) one of the biggest spenders on IT, according to a 2016 Accenture study. It found banks would spend more than $360B worldwide in 2016 on IT. That spend, however, was largely focused on upgrading back-office operations, outdated core systems, improving customer-facing retail delivery and becoming more efficient. It is easy to see why these projects tend to draw much of the banks' IT budget. After all, they provide a fairly clear ROI, while cybersecurity investments are much more difficult to see.
To "sell" cybersecurity development and investment to executives and directors, IT professionals might want to try the following four steps:
Inside Support -
A report by Accenture finds <6% of directors at the world's largest banks have professional technology experience. Even worse, a whopping 43% had none at all. For community banks, this may be even more pronounced. As one banking IT consultant expounded, "How in the world can [banks] make an informed decision on the nuances of bank technology without expertise at the top?" Community banks understandably pull directors from the ranks of successful business people, so seeking out the next open spot with someone with a more technology-related background could make sense. In Feb, we wrote a comprehensive article
on this topic, if you would like more specific details.
Women on the Board - Interestingly, Accenture research also found that female members of corporate boards are nearly twice as likely as their male counterparts to have professional technology experience. By seeking out more women to join the board you will not only increase diversity, but also likely increase broader IT understanding to boot.
Digital Evolution - While some community banks are in the early stages on mobile strategy, others have a well-established infrastructure in place. Some may even be leveraging analytics to encourage usage and engage customers. It is important for IT security professionals to understand where their community bank stands to address the risk mitigation and security needs.
Coaching for Upper Echelon - If boards of directors and C-suite executives do not understand information security, they are much less likely to support initiatives. Therefore, IT security professionals should be making an all-out push to offer coaching to the board, executives, and other key constituents. Doing so will help expand awareness of the current threat landscape and what can be done to limit the size and scope of potential attacks.
Expanding education of all types is good for banks and customers, but this is especially true when it comes to cyber.