A systematic review on information security policies in the USA banking system and global banking: Risks, rewards, and future trends

This study aims to examine the current state of information security policies and practices in the United States banking sector while drawing comparisons to global banking systems. The research specifically addresses risks, benefits, and future trends, providing insights for strengthening information security frameworks worldwide. The study adopts a qualitative research approach, utilizing secondary data sources, including scholarly journals, research articles, televised news, and online platforms. A systematic review was conducted using global databases such as Science Direct, Scopus, Web of Science, PubMed, DOAJ, and Google Scholar in alignment with the PRISMA 2020 guidelines. The research incorporated specific keyword phrases to identify relevant literature, with additional exclusion criteria applied to eliminate incomplete, inconsistent, or non-English publications. The final review included 125 papers and 20 reports. The findings highlight that the U.S. banking sector faces a dynamic landscape of cybersecurity risks, including phishing attacks, ransomware, regulatory non-compliance, and insider threats. Despite these risks, robust information security frameworks offer significant rewards, such as improved customer trust, fraud detection through AI and machine learning, and financial stability. The study underscores the regulatory landscape in the U.S., particularly frameworks like the Gramm-Leach-Bliley Act and collaboration initiatives such as the CISA and FS-ISAC, which enhance preparedness against emerging cyber threats. Comparative analysis with global banking systems revealed key challenges, including the evolving cyber threat landscape, compliance with international data privacy standards, and the need for cross-border cooperation. While the U.S. banking system demonstrates a strong regulatory foundation, the study identifies areas requiring improvement, such as proactive employee training, adoption of advanced cybersecurity technologies, and international cooperation. The study's implications emphasize the need for proactive risk management and continual innovation to address emerging threats. Recommendations include implementing multi-factor authentication, leveraging AI and blockchain technologies, and prioritizing cybersecurity awareness programs for employees. However, limitations include reliance on secondary data, which may omit recent developments, and a focus on the U.S. context, limiting global generalizability. Future research should incorporate primary data collection and expand the scope to include quantitative analyses of cybersecurity investments and outcomes. This research provides policymakers, banking regulators, and industry stakeholders with actionable insights to bolster information security resilience and adapt to the rapidly evolving financial landscape.