Banks have been at the forefront of cybersecurity for years, investing heavily to protect some of their clients’ most valuable and sensitive information. Such heavy investment in cybersecurity is increasingly the cost of doing business in financial services, but it also presents an opportunity for banks to generate a return on that investment by earning revenue from the cybersecurity solutions they develop. Analysts expect the global cybersecurity market to reach more than $120 billion by 2021,[i] and banks are well positioned to participate in that market.
As the industry grows more digital, banks are increasingly aware that the technology solutions they develop can become a source of revenue for them.[ii] Given the growing concerns around cyber threats both among businesses and consumers, as well as the billions of dollars the industry invests in cybersecurity annually,[iii] cybersecurity is a natural domain for banks to play the role of technology providers. Survey data suggests many banks are already eyeing this opportunity — two-thirds of bank CEOs see their cybersecurity investments as opportunities to innovate and find new revenue streams.[iv]
Goldman Sachs, which has been highly aggressive in selling its technology, has already been taking advantage of such opportunities. The investment bank sold a cyber threat intelligence platform it developed, dubbed Sentinel, to cybersecurity company LookingGlass earlier this year,[v] and previously spun off a joint venture to provide advanced Bring Your Own Device (BYOD) mobile security solutions to other enterprises.[vi]
Other banks have sold or spun off technology solutions they’ve developed in other areas, such as loan origination tools. But cybersecurity is a major market where banks are in a unique position to deliver solutions. Banks already have deep roots in multiple customer segments — including retail consumers, small businesses, and corporates — that are all looking for help in protecting themselves from hackers.
Also, many of the threats that these different customers face mirror those that banks are fighting every day. For instance, consumers and businesses alike are at risk of social engineering threats like those that cyber criminals routinely utilize to infiltrate banks’ networks and customer accounts. This means banks can repackage tools they’ve developed internally to serve these multiple customer segments with solutions for network monitoring and threat detection, identity and access management, data security, and other types of defenses.
Additionally, these customers already entrust banks to protect some of their most sensitive information, suggesting banks already have high credibility when it comes to the strength of their cyber capabilities. One survey last year found that 83% of consumers trust their banks’ cyber defenses to ward off hackers.[vii]
Banks also have a range of options to monetize cybersecurity solutions. They can sell the technology outright to other companies for their own use, or provide white-labeled solutions that other companies could turn around and offer to their customers. Banks could also provide services built off of solutions like advanced authentication or threat monitoring, and charge customers a recurring fee for them. Lastly, banks could spin off cybersecurity solutions or form joint ventures with other companies in this space, and collect a portion of the new enterprise’s revenue.
Moving into the cybersecurity market will certainly present challenges. Banks that do so will face stiff competition in this market from more digitally native companies. However, many of those competitors don’t have the high level of trust and credibility that banks have when it comes to keeping consumers’ and businesses’ information safe. Additionally, those competitors could also be viewed as potential partners in joint ventures.
Of course, banks will have to invest in expensive cybersecurity talent and develop unique solutions in order to compete in the marketplace. But paying top dollar for cybersecurity personnel is becoming the cost of doing business in financial services as the threat landscape grows more complex and dangerous — and banks will need to respond to those threats with unique solutions anyway. Rather than treating those investments in cybersecurity talent and solutions as sunk costs, banks should explore turning them into new sources of revenue and profits.