Cyber criminals are moving faster than banks or regulators

Futureshock
Look, the world is changing fast. The pace of change is absolutely bonkers. Over the last century, virtually every generation has had to get used to some new, groundbreaking technology. Human-powered flight. Electricity. Radio. Television. Atomic power. Computers. The internet. People have had such whiplash trying to keep up that futurist Alvin Toffler coined a term for it as the title of his 1970s book: futureshock.

But I'm not sure that any society in the past has had to deal with the pace of change we are experiencing right now. We are at a point where one company, Anthropic, can't even release a new program because it will be so profoundly unsettling to cyber-security efforts (and, yes, there's a question of how much of that is hype, but I'm on the side that says it's a real issue). 

At the same time, we know that the proverbial wheels of government move slowly. Normally, that's a good thing. You don't want the government shooting from the hip, doing the Zuckerberg thing of moving fast and breaking things. The problem with that approach right now is that the government's slow, steady approach is being lapped by technology.

The Office of the Inspector General released its semiannual report to Congress, in which it audits the performance and operations of the Federal Reserve and Consumer Financial Protection Bureau, as our Kate Berry reported. At a time when financial institutions face an unprecedented wave of sophisticated cyber threats, the findings reveal that the very institutions charged with overseeing the American banking system are failing to adequately protect their own data and systems.

The OIG report stated very bluntly that each agency's security programs are "no longer effective." That should send alarm bells ringing in Congress and should lead to loud calls for action. This Congress seems to have a lot of other things on its mind, so I'm not sure that will happen. 

Meanwhile, at the banks themselves, hackers are increasingly gaining access to protected systems through unpatched holes in software, our Carter Pape reports. Verizon issued its latest Data Breach Investigations Report, and noted that for the first time in the 19 years that it's been producing this report, unpatched software was the most common route hackers used to gain access — more common even than stealing credentials. 

Banks are a particular target for hackers for the old, obvious Willie Sutton reason: that's where the money is. Verizon's report found that stealing money was the primary motivation in 98% of the attacks. Between November 2024 and October 2025, it counted 3,809 incidents at financial and insurance companies, with 1,300 confirmed data breaches. Only 12% of them were inside jobs. 

Innovation, 2026 style
Okay, that's all dire enough. But here's the flip side of the march of technology. American Banker released two major annual reports yesterday: The Most Innovative People in Finance 2026, and the Innovation of The Year 2026. 

Vantage Bank CEO Jeff Sinnott was ranked our most innovative person in finance, as Vantage became the first bank to issue its own stablecoin. Most of the people on this list had a hand in innovations in digital assets, artificial intelligence, new payments systems, and cybersecurity. Sometimes the innovations involve something along a less beaten path. Derik Farrar at U.S. Bank made the list by repurposing the 6/7 internet meme (it's okay, I had to look it up, too) for the bank's CDs. The gambit resulted in U.S. Bank doubling its CD sales. 

This is only the second year we've handed out the Innovation of The Year award, which this year went to Ally Financial's AI agent personas, digital representations of the company's customers that are used to help employees get a better understanding of customers' needs and how to serve them. Nine other banks also made the list for top innovations.