Does the financial industry think it’s invincible? Or is the industry as a whole innocently ignorant as to how to keep up with certain emerging risks?
For example, Citigroup became the victim of a cyber thieves recently when banking giant realized hackers infiltrated their computer system and stole personal information from more than 200,000 credit card holders, making it one of the largest direct attacks on a major bank. As the New York Times points out:
Even more striking is that similar data breaches have been occurring for years — and the financial industry has failed to prevent them. Details remain scarce, but the disclosure of the Citigroup breach on Thursday quickly turned into a debate on whether the banks and major credit card companies had invested enough money to safeguard the personal information of their customers. “They’re not at all on top of it,” said Avivah Litan, a financial security analyst at Gartner Inc. “It’s almost shocking.”
How, in 2011, are some of the world’s largest financial institutions unaware of the omnipresent threat of hackers? Though recent data breaches involving Sony, Amazon and Google have rightfully raised concerns regarding internet “security,” the Citigroup situation raises some serious red flags.
It raises a question as to whether flames of the ongoing cyber-war are leaping to financial banks. If so, prompt actions to combat the cyber-crime must be taken by both governments and private companies.
Writing about the overconfidence that banks exhibit reminds me of my post from yesterday in which I reference the Economist Intelligence Unit’s report that stated one of the many failings within the discipline of risk management is:
2. Finance executives remain unaware of risks
According to the survey, “Compared to colleagues in legal, risk and compliance functions, finance professionals are far more likely to say that their organizations haven’t suffered from significant risk or compliance failures.” This is yet another surprising finding since the financial department is considered one of, if not the, most important department in an organization, considered the oxygen to the life of a company. If they are operating with the mindset that their company is perfect, either they’re not being true to themselves or they honestly cannot see failures. Both scenarios are scary.
Though the above refers to finance executives in any industry and the Citigroup data breach involves one company within the banking industry, the idea remains the same: the severity of data breach risks is not being acknowledged among most companies — most of all, among those companies and executives dealing with money.