Banks and financial institutions are responsible for valuable commodities, making effective security a high priority. While the most obvious item to protect is money, banks must be prepared to defend an array of assets: property, data, and their own reputations, to name a few.

“The banking industry operates in a highly regulated and publicly visible risk environment. Financial institutions are entrusted not only with people’s money, but with their confidential information. It’s important that they maintain people’s confidence and trust,” says John Illes, Segment Development Manager – Banking and Finance at Axis Communications. “When an incident occurs at a financial institution, whether it involves violent crime, insider misuse, fraud, or an IT system failure, it immediately draws public attention, particularly when it involves your bank. These events have an instant and compounding impact on employee safety, customer trust, regulatory standing and brand reputation.”

The variety of assets that banks take charge of can make them targets for malicious actors, cyber and otherwise.

“Historically, banks have always been a target. During the 1920s and 1930s, when bank robbery was at its peak, the infamous bank robber Willie Sutton Jr. was once asked why he robbed banks. His answer was simple: ‘Because that’s where the money is,’” Illes remarks. “Today, traditional bank robbery has declined, and the physical act of robbing a bank is less lucrative than ever due to advances in security technology, cash controls, and law enforcement coordination.”

While the banking threat landscape has shifted notably over the last century, the threats haven’t become lesser.

“The criminal appeal of ‘where the money is’ has not changed,” Illes asserts. “And this places employees and customers at risk for criminal and sometimes violent acts.”

So, in the modern banking landscape, how can banks protect their most valuable asset —their customers?

Know the Modern Threats

Long gone are the days where traditional bank robbery was the most prevalent threat to financial institutions. These days, banks are operating in a much more diverse threat landscape.

Michael Moll, CPP, CFE, currently serves as the Vice President, Bank Security Officer of Macatawa Bank, N.A., where he comes face to face with modern bank security challenges.

“From an external perspective, fraud rings and artificial intelligence are the two biggest issues facing banking,” Moll states.

While cyber threats have grown prevalent in the banking threat landscape, that doesn’t mean physical threats have ceased.

“Violent crime, robberies, workplace violence, ATM attacks — including hook-and-chain and jackpotting — remain persistent and elevated threats today,” Illes says. “The most lucrative threats have shifted toward organized financial crime, sophisticated fraud schemes, cyberattacks, ransomware, and nation-state actors, resulting in millions, if not billions, of dollars in industry losses each year.”

Bank security is no longer just about guarding assets; it is about protecting people, maintaining trust, and enabling resilience.

Understand the Financial Industry Landscape

“Bank security is no longer just about guarding assets; it is about protecting people, maintaining trust, and enabling resilience,” says Illes.

Just as the threat landscape evolves, so does the industry as a whole. By staying one step ahead of the trends, security leaders can ensure their organization isn’t just secure, but resilient.

One such trend to be aware of is cyber insurance.

“Right now, I’m hearing that major insurance companies are looking to part AI insurance away from overall cyber insurance because it is so nuanced and becoming so much more of a threat,” Moll remarks. “It would be a good idea to check with your insurer to see if this is where they are going and if a new policy needs to be purchased.”

Another trend to pay attention to is the gap between compliance and practical preparedness.

“While financial institutions operate in one of the most highly regulated environments, there is a growing gap between regulatory security compliance training and practical security and safety preparedness training,” Illes insists. “Financial institutions provide annual compliance training, but many do not offer the scenario-based security and safety training that other industries have already adopted. This gap is increasingly concerning.

“When combined with unpredictable threat behavior, sustained elevation in workplace violence, escalating violent crime, active intruders, and targeted threat scenarios, bank employees are often left underprepared to respond effectively when it matters most.

“This trend underscores the need for financial institutions to move beyond minimum security compliance and invest in practical, role-based security training that empowers employees, reinforces confidence, and ultimately improves safety outcomes.”

Protecting Customers

Banks may oversee the assets, but it is often the customers that are targeted by malicious actors.

Customers often face fraud and AI scams that aim to deceive them and steal their finances, credentials or other valuable information.

“These aren’t ‘ignorant’ customers, either,” Moll points out. “We’ve had owners of businesses, industry leaders and long-time customers with excellent credit scores tricked. I’ve had people who thought they were speaking to WNBA superstars, the cast of Days of our Lives, and ‘Life Coaches’ who have duped them out of hundreds of thousands of dollars.”

Fraud and AI-driven schemes are advancing at such a rate that even cautious, cognizant customers can become victims of these incidents. Protecting customers means being proactive about these threats.

“From the fraud side, we can be proactive with some of the software tools we have, positive pay, ACH positive pay, systems, and processes,” Moll explains. “Our front-line tellers are in the best position most times to mitigate fraud against customer accounts, so training, educating, and empowering them to make decisions at the line level are excellent mitigation tools.”

Fraud is a challenge most banks are more than familiar with handling, by now. But AI has presented a whole new threat landscape for the industry.

“The AI side is a much more difficult problem. With no guardrails on AI, the bad guys are exploiting how to use it to their benefit versus the good guys putting up those roadblocks,” Moll states. “For example, AI now can use a 1.5 second voiceprint from a human and create an entire dialogue. Our industry needs to really look at this issue from a holistic standpoint and start determining ways in which to mitigate AI for negative purposes.”

As the banking threat landscape grows more complex, the security measures must rise to the challenge. By implementing innovative and effective technology, evolving security processes, and adapting to the new world of banking, security leaders can protect the assets — and people — placed in their care.

Illes asserts, “The convergence of security teams, cyber and physical, when thoughtfully deployed, becomes a strategic enabler. Today, CSOs and CISOs can leverage unified security platforms to deliver a proactive, integrated and people-focused security program — one that will instill trust and resilience within your institution, employees and customers.”