Scott Anderson
This past July, I participated in the ribbon-cutting ceremony for the new Zions Technology Center in Midvale. This stunning new campus supports 2,000 technology employees who sustain the operations of Zions Bank and our affiliate banks across Zions Bancorporation’s footprint. Many people are surprised to learn that Zions Bancorporation, founded 150 years ago by Brigham Young, is now one of the largest technology employers in Utah.
This is a sign of the technological transformation that continues to reshape the financial services industry. From mobile check deposits to digital lending, technology has created enormous opportunities for banks and their customers. But it also presents new challenges, requiring robust, dynamic and responsive cybersecurity programs to keep sensitive financial data safe.
Cybersecurity not only helps protect against financial loss, but it also prevents disruption in critical banking services that keep our economy running smoothly. And it’s becoming increasingly important to attract and retain banking customers.
In fact, security and fraud protection are replacing “low or no fees” as the top reason why consumers choose a new bank. In a 2022 survey by analytics firm Verint, respondents said security of personal information was the most important factor in selecting a financial institution.
Speaking to financial services groups in August, acting Comptroller of the Currency Michael Hsu noted that the industry overall has done a good job of building cyber defenses and working with law enforcement and regulators to guard against attacks.
“Those efforts and the cooperative engagement underlying them deserve recognition,” Hsu said. “My sense, however, is that success can breed a false sense of security. We cannot be complacent. In a world of constantly evolving threats, vigilance must be maintained, especially when things are quiet.”
More than 80 percent of U.S. banks increased their technology budgets this year, with cybersecurity being a key area of investment for 89 percent of those banks, according to Bank Director magazine’s 2022 Technology Survey.
In an industry built on trust, it’s imperative that banks continue to protect the data and information entrusted to us. This means we need to keep investing in cybersecurity architecture, employee training, strict privacy policies, rigorous security standards and encryption systems.
We also need to educate and empower consumers to safeguard their financial information as an additional layer of defense.
Empowering Consumers against Cybersecurity Threats
As a banking industry, we have come together to find new and creative ways to educate our consumers about cybersecurity. The industry-wide “Banks Never Ask That” campaign, held during Cybersecurity Awareness Month in October, helps consumers spot bogus bank phishing scams.
You might have seen the humorous ads featuring original cast members from BYU TV’s Studio C. The campaign poses questions like, “Do you believe in aliens?” to grab the consumer’s attention, then reminds them that #BanksNeverAskThat and we will never ask for your account information, PIN or password.
The campaign, open to all U.S. banks at no cost, is amplifying important messages related to cybersecurity, allowing the banking industry to offer consistent messaging to consumers across the U.S. using a variety of creative assets, including social media posts, print ads, website banners and branch posters.
It’s impressive that more than 2,000 banks have participated in this award-winning campaign since its inception in 2020.
Building Safeguards within the Banking System
Just as banks are asking customers to use stronger verifications methods, we also need to adopt more robust verification methods to detect and block unwanted account activities. This includes widespread adoption of multi-factor-authentication to strengthen account access across the industry.
Adhering to Legal and Regulatory Requirements
As federally regulated financial institutions, banks must develop and have in place a cybersecurity risk management program that includes data breach-response procedures. A bank’s cybersecurity program should align with regulatory requirements prescribed by the Gramm-Leach-Bliley Act, Sarbanes-Oxley and the Health Information Portability and Accountability Act.
Aligning with Industry Standards and Best Practices
Industry standards and best practices should inform the development of a cybersecurity program. These might include the National Institute of Standards and Technology Cybersecurity Framework, the Control Objectives for Information Technology and the practices defined by the Federal Institutions and Examination Council.
Measuring and Reporting on Performance
Financial institutions should design and implement security metrics to measure, monitor and report on the cybersecurity program’s processes to ensure the operational objectives are supported and that progress on cybersecurity projects is tracked. It’s a best practice to provide risk and performance reports to management at all levels.
Practicing Constant Vigilance
Banks should invest in industry-leading security capabilities like web application firewalls and secure remote access. Redundant and overlapping capabilities mitigate the risk of any single cybersecurity failing.
Promoting Cyber Awareness and Engagement
It’s particularly important for financial institutions to emphasize a culture of accountability and reward team members for their cyber vigilance. Training and awareness campaigns go a long way in educating employees about cyber risks.
Preparing for the Future
The cyber threat landscape is becoming increasingly automated, sophisticated and dangerous. Financial institutions must stay at the forefront of cybersecurity by continually strengthening our defenses to respond to emerging threats, risks and vulnerabilities.
While protecting against cyber hreats can feel like a moving target, businesses of all sizes and industries can benefit from enhanced cybersecurity practices to help keep customers, assets and operations safe.
Scott Anderson is president and CEO of Zions Bank. He was elected chairman of the American Bankers Association Board of Directors in October 2021.