Commercial cyber security services become a for-profit business

By Susan Thomas Springer

It takes more for a bank to be a trusted advisor than it used to, says J. Morgan Davis, president and chief banking officer with TowneBank, a $4.6 billion-asset community bank headquartered in Portsmouth, Va.

Thanks to a partnership with a cyber security firm, TowneBank has begun offering computer network security services to businesses as an adjunct to its commercial banking products and services. Targeting firms in the mid-Atlantic region, the bank, in addition to its commercial accounts, services and credits, provides IT threat management.

TowneBank added its new IT security business line after one of its business clients suffered a cyber security breach. Thieves accessed customers’ credit card information. It turned out to be a minor incident compared with some other breaches, but the incident reminded Davis about this potentially costly problem facing all businesses today. The credit card companies involved called the shots during the incident response, dictating to TowneBank not only the details of the breach but also the number of cards the bank had to pay to reissue and the cost it would pay, allowing no room for negotiation.

“Being able to demonstrate that you have taken steps to protect the information can really help you from a potential claim,” Davis says.

While TowneBank, in the end, wasn’t held responsible for the fraud on those cards, the incident became an eye-opener, Davis says. The breach inspired the bank to do more to protect itself and its customers, including a large number of medical companies who hold private healthcare information, from the growing number of cyber threats and activities.

So last July, TowneBank bought a 30 percent share in the IT security firm Sera-Brynn LLC in Suffolk, Va. The business venture allowed the bank to establish a for-profit commercial cyber security line of services aimed at assessing risk and preventing IT attacks against businesses, their systems and their accounts.

About eight TowneBank employees from the information technology, marketing and treasury departments worked together to kick off its cyber security prevention services program with learning lunches for business owners. The bank also offers free safety assessments of IT systems of businesses. At that point, business owners can choose from a variety of consulting services such as system monitoring, compliance and risk assessments, and secure system network and architecture design.

“We try and make it very difficult for the average hacker and cyber terrorist,” Davis says. The educational lunches recently started with 50 merchant clients invited to each; the lunches are offered quarterly, but may soon grow to monthly. TowneBank invites merchant clients who need compliance and security support, and Sera-Brynn invites its clients who need payment processing and other banking support.

TowneBank is experienced with other nontraditional lines of business. In addition to its new IT security services, the bank operates subsidiaries offering real estate brokerage, retail investments and property management services. About 30 percent of the bank’s revenue comes from noninterest income generated from its subsidiary or affiliate operations.

TowneBank’s affiliate lines, says Davis, have “been a great way for us to continue to have increased earnings every year through the recession.” Like its other service lines, he points out that the bank’s cyber security services provide a strong point of differentiation for its commercial customers.

“It seems like it gives us another arrow in our quiver to position ourselves differently from our competitors,” he says.

Susan Thomas Springer is a writer in Sisters, Ore.