Imagine that you are the IT Director of a large retail bank with an active and highly visible Internet banking service. Driving into the office, half-listening to the radio news, you hear your bank’s name being announced. Immediately followed by the words "hacker," "massive system failure" and "identity theft."