Dunbar to launch division to armor websites against cyber criminals

Dunbar Armored has been in the armored-car business for nearly 90 years. But the Hunt Valley-based company now is branching into a new way to protect banks' and businesses' money and valuables: cybersecurity.

The company is launching a subsidiary, Dunbar Digital Armored, early next year to tap into the growing need to protect online transactions for its thousands of bank and retail customers. Dunbar will focus its cybersecurity products on small and mid-size companies that are looking for tech-savvy solutions but don't have the deep pockets or cybersecurity expertise of the big banks.

"Banks are very interested because it's a real-world problem," said Kevin Dunbar, president and CEO of the Dunbar Cos., which include subsidiaries that do business in the armored-car, global logistics and home-security industries. "A lot of our growth has come from banks and retailers wanting us to do more for them."

The company's foray into cybersecurity comes as banks and retailers are grappling with the rise of fraud, theft and other forms of organized crime on the Internet. The protection of the nation's government, infrastructure and financial networks is a hot topic from the Pentagon to Capitol Hill to Wall Street.

In recent months, several major banks saw their websites crippled by "denial of service" attacks, in which hackers flooded their sites with traffic from compromised computers, preventing thousands of customers from accessing their online accounts. The banks affected included Bank of America, Wells Fargo, US Bank, JPMorgan Chase, SunTrust and others.

"For the banks I'm currently working with, it is absolutely a threat," said William Wansley, senior vice president with Booz Allen Hamilton, who consults with commercial and government financial institutions. "There is a need for small and mid-size institutions to take cyber-threats seriously."

Homeland Security Secretary Janet Napolitano said last week that banks are under constant attack by cybercriminals looking to steal data and money. Public companies face increased pressure to disclose cybersecurity risks to investors, thanks to guidelines formulated last year by the federal Securities and Exchange Commission.

A joint study released last month by the Ponemone Institute, an information security research firm, and HP showed that the occurrence of cyberattacks has more than doubled between 2009 and 2012, while the financial cost for companies climbed 40 percent during that period. The institute found that the average cost to a business to respond a major cyberattack approached $600,000, and took from three weeks to nearly two months to address.

More than three-quarters of the attacks stem from malicious code, denial-of-service attacks, stolen or hijacked devices, and malevolent insiders, the institute found.

Numerous reports and studies put the cost of cybercrime for financial institutions in the billions every year.

With the creation of the Dunbar Digital Armor subsidiary, Kevin Dunbar, whose grandfather founded the business, hopes to fuel the next generation of growth for his company, which operates in 42 states.

It's a potentially lucrative industry. The global market for cybersecurity software is expected to nearly double over the next five years, from $63.7 billion to $120 billion, according to a June report from Markets and Markets, a research firm in Dallas.

Yearly revenues for Dunbar, a privately held company, have hovered around $280 million the past few years, though they have grown more than three percent this year, Kevin Dunbar said.

To lead its push from physical into cybersecurity, Dunbar hired Chris Ensey, a former director at Safenet Inc., a Harford County cybersecurity firm, as chief operating officer of the new digital company. Ensey is putting together a team of professionals from within Dunbar and seeking to partner with other cybersecurity solutions companies to build a new suite of Internet-based software products for Dunbar's customers.

The company will act largely as a systems integrator, picking the best cybersecurity software products on the market and combining them into an easy-to-use package for banks and retailers. The company expects to launch its products and services in the first quarter next year.

It intends to sell the services on a subscription basis, with companies paying periodic fees to maintain coverage. It expects to be able to mine its existing customer base for digital security subscribers.

Ensey said that cybercriminals have launched well-coordinated and sophisticated attacks against larger banks and retailers in recent years, but those companies have the big budgets to blunt many of the attacks. He expects the attackers to begin targeting smaller institutions whose budgets are smaller and whose online defenses are less robust.

"We see a trend that the big guys are getting attacked, but clearly the cost of attacking the big guy is increasing for the adversary," Ensey said. "Where will they go next? The less protected, less secure smaller-tier guys."

Andrew Bartels, chief technology officer of PSA Financial, an insurance and financial services firm based in Hunt Valley, said he's had discussions with Dunbar about the need for a comprehensive cybersecurity solution for financial institutions.

Bartels said that companies such as his must buy software from several different vendors and cobble together an approach from disparate products, which takes a lot of time and in-house expertise.

"I think they're really onto something," Bartels said. "Their timing is very good. I think the idea of bringing together a set of best-of-breed products under a single mentor is an incredibly good idea."