Filling the cybersecurity gap for midsized financial institutions
Overcoming labor challenges while addressing emerging risks
INSIGHT ARTICLE |
Cybersecurity is a significant challenge for all financial institutions, regardless of their size or geographic location. However, depending on the size and complexity of the institution, those challenges can vary greatly. With threats on the rise, community banks in particular must take a closer look at their security strategies to make sure they have proper coverage.
The current employment environment is a chief concern for many institutions. With unemployment levels nearing historic lows, locating, hiring and retaining skilled labor—such as cybersecurity resources—is extremely difficult.
For example, a large financial institution likely has many people responsible for security and privacy, performing in very nuanced roles, and often able to pivot to another security need if necessary. Conversely, a smaller bank has a much smaller pool of talent, typically a three- to five-member IT staff that is chiefly concerned with keeping the network and applications up and running. Security is of course a consideration, but often not the main focus.
In addition, if a community bank has talented cybersecurity resources, there is a strong chance that they will be approached by a larger institution with a larger compensation offer. The current labor market makes it even more difficult for middle market and community banks to maintain effective security resources.
Often we see midsized banks looking for that “Swiss Army knife” employee—someone who can manage technology infrastructure and maintenance, as well as security. However, that has become an outdated concept. Banks now need at least a slice of time from a top security resource—someone who is very skilled in identifying and discouraging current and emerging cyberthreats.
Unfortunately, middle market banks face an uphill climb when it comes to cybersecurity coverage. Many internal resources just don’t have the right background and experience to understand evolving threats and potential controls. If they do, they frequently are not exposed to outside solutions from peers and best practices from other industry sources. Some banks think training is the answer, but that can backfire if that newly trained and experienced employee leaves for another bank.
The list of cybersecurity issues and threats is growing, and banks need to address them with real, experienced resources. In order to counter escalating labor and security concerns, many middle market institutions are now leveraging managed IT services solutions, where they are allocated resources of an experienced, proven technology and security provider.
Engaging a managed cybersecurity services provider means your institution has a more certain solution for security challenges, as established providers can provide a wide breadth of capabilities and talent. It is a flexible solution that aligns with specific needs and any existing resources at a consistent monthly expense.
Implementing a managed cybersecurity services platform can certainly be a transition for many banks. While many institutions are used to having their security personnel on-site at all times, that likely will not be the case in a managed scenario. However, that issue can be managed and overcome by designing service level agreements that align with how the bank expects resources to provide in-person or remote services.
With the increasing amount and complexity of cyberattacks, banks are at risk in many different ways. The institutions that are most at risk are those that are in acquisition mode and actively growing. The expectations start increasing dramatically and staffing and capabilities can be difficult to scale with new requirements. Regulators are paying attention, and issues can arise quickly. One of the key benefits of managed cybersecurity services is the ability to seamlessly scale with growth, alleviating those potential concerns.
Reputation is a critical variable in the banking industry. Some banks want to be seen as technology leaders, others want to be seen as developing relationships with customers and becoming strong leaders in the community. In the current environment, with new threats emerging on a frequent basis, every bank should want to be thought of as secure. Even with today’s challenges in hiring and retaining security talent, a managed services framework can help protect your institution and your customer’s assets.