In the good old days, robbing a bank took some logistical planning. You needed enough gun-wielding associates to cover the lobby while the heist went down, and of course you needed a getaway car and a place to lay low. Today, all you need to rob a bank is a cheap laptop, some hacking skills and a high speed wireless connection. Talk to bankers and they’ll tell you that cybersecurity is their top concern. The reputational risk of a successful attack, let alone the potential financial exposure, is devastating.
Famed bank robber Willie Sutton once said he kept robbing banks because that’s where the money was. Of course, cyber thieves now steal identities and credit information instead of greenbacks, and their dogged persistence has turned cybersecurity into a growth industry. According to a recent report published by Homeland Security Research Corp., “Banking and Financial Services Cybersecurity: U.S. Market 2015-2020,” the financial services industry is the largest nongovernment cybersecurity market in the country. The industry is projected to spend $75 billion between 2016 and 2020 on cybersecurity measures.
Technology companies are well aware of the size and potential of the financial institutions marketplace for cybersecurity products and are rushing to develop products to meet the need. I doubt that many of the smaller ones will make much headway in financial services without partnering with a major tech firm. The career risk for a bank chief technology officer who hires Garage Genius Cyber Security is too great. Hiring a new young, innovative company gets you fired if an attack is successful. Hiring an old established well known company not only helps protect the bank from attack, it helps protect the CTO’s job if something goes wrong.
The older, more established companies are aware they have to keep up and are partnering with or acquiring new startups with promising cybersecurity products and services. This should allow them to offer cutting edge services to the financial community and still offer the peace of mind of a well-established and deep pocketed technology provider.
Already very active in the bank cybersecurity market, IBM has been buying up smaller cybersecurity companies and I expect that to continue as the company moves to counter new and developing threats. Vasco Data Security International–a world leader in two-factor authentication and transaction signing for financial institutions with more than half the world’s top 100 banks on their client roster — last year completed its acquisition of Silanis Technology Inc., a leading provider of electronic signature and digital transaction solutions that had a strong presence in the financial institutions marketplace.
Unisys’ new Stealth cybersecurity products can be used to protect your core data as well as mobile and cloud based platforms. And Cisco will continue to build its presence in the financial services cybersecurity market via acquisition. The company started down this path in 2013 by buying Sourcefire and have since added ThreatGRID, OpenDNS, and Lancope, and I expect it to make additional acquisitions as well.
Given their elevated concern about cybersecurity, most financial institutions are going to be reluctant to use smaller, younger companies—which means the established technology leaders should see the bulk of the money. And they, in turn, will have to be aggressive about buying and developing new technology to remain in front of the increasingly innovative and aggressive attacks that criminals will employ.