Perimeter Internetworking Corp. is offering an online service it says can help community banks analyze data security risks.
Perimeter, which has more than 1,500 financial companies as clients, is expected to announce RiskProfile today. It will offer it at no charge through yearend, by which time it hopes to have created a database of at least 1,000 institutions.
Bankers use the service by completing an online questionnaire. Once the database has been created, users will be able to compare their own results to those of similar companies. (The service is available at https://www.riskprofile.org.)
Analysts said RiskProfile could be helpful but would be no substitute for planning and action on risk.
Kevin W. Prince, Perimeter's chief security officer, said the system has been in development for more than two years, and the company has worked with a variety of experts, including federal and industry regulators from several agencies, outside security professionals, bank security officers, and its own security experts. Perimeter's database currently contains 500 risk profiles, he said.
But he said he did not want to draw many firm conclusions from the profiles compiled so far. "We wanted to get a broader base of profiles before we started doing too much analysis," he said.
Elise Anderson, a vice president and the chief information officer at Plantation Federal Financial Corp. in Pawleys Island, S.C., said RiskProfile helped her organize risk data for presentation to her company's board and to financial regulators.
"I'd been working with a spreadsheet for months," Ms. Anderson said. "The bigger the spreadsheet got, the more tedious it became."
She began working through the questionnaire in July and was able to present a report to the board by September.
RiskProfile focuses only on technology risks, such as storing confidential customer information in electronic databases, and thus does not cover the full gamut of business risks, Ms. Anderson said. "I have done a separate risk assessment for the human piece" of the risk puzzle, she said. "Those kinds of risks are not addressed in the RiskProfile."
Perimeter, of Milford, Conn., is considering including additional types of analysis in RiskProfile, such as card fraud, interest rate risk, and business strategy risks, Mr. Prince said.
Jacob Jegher, a senior analyst at Celent LLC of Boston, said the system could be useful to community bankers, who may have less risk-analysis expertise in than their counterparts at larger banks.
A comprehensive risk analysis, however, should cover not only data security, but also disaster recovery and business continuity and even the effects of terrorism or a medical epidemic, Mr. Jegher said. "Proactive institutions have to understand where their risks lie," he said. "You cannot leave any stone unturned."
Eva Weber, an analyst at the research and advisory firm Aite Group LLC of Boston, said RiskProfile should be considered just a first step.
"It's hard to replicate human analysis in an online tool," Ms. Weber said. "Don't think of it as a substitute for ongoing analysis by a corporate risk manager."
But, she said, RiskProfile "does seem like a good start, if it's going to help these institutions think in a more organized way about these risk areas."
