What You Can Learn about Risk Management from Societe Generale
Weak IT access controls cost the French bank $7.2 billion. The case should prompt you to rethink how you balance IT security with employee access to critical systems.
The French bank isn't the only company to suffer recently from risky behavior by employees. Bear Stearns, rocked by losses from its investments in subprime mortgages, was acquired by J.P. Morgan Chase for $2 a share in March when clients lost confidence that the firm could pay its debts. In February, Credit Suisse reported an unexpected write-down of $2.8 billion that CEO Brady Dougan attributed to "mismarkings and pricing errors by a small number of traders in certain positions" in the company's structured credit business. Kareem Serageldin, Credit Suisse's recently appointed global head of collateralized debt obligations, was among the employees suspended after an internal review uncovered the errors.
Dougan told analysts looking for reassurance that even with the announcement, "we feel we have actually managed our risk fairly well," but that the company still needed to "continue to focus on improving its risk management practices and procedures."
BearingPoint's Reagan observes that in the case of Société Générale, "their activities deal with high volume, high velocity and quick tempo trading of stock," and it's likely business leaders "wouldn't put up with" security measures that would slow them down. For example, Société Générale employed single-factor authentication (a single credential, typically a password, is all that is needed to gain access to its systems) rather than stronger dual-factor authentication (requiring two independent factors, such as a password plus a one-time code from a separately held token, so that a shared or stolen password is not enough on its own).
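To make the distinction above concrete, here is an added example, not code from the article or from Société Générale, of a password-only login beside a two-factor login that also requires a time-based one-time code (RFC 6238 TOTP) from a separately held device. The user record, salt and passphrase are constructed for the demo; the TOTP seed is the RFC 6238 reference key, so the codes it produces can be checked against the RFC's test vectors.

```python
import hashlib
import hmac
import struct

# Constructed demo credential store, not data from the article or the bank.
# The password is kept only as a salted PBKDF2 hash; the TOTP seed is the
# RFC 6238 reference key so the codes below can be checked against the RFC.
RFC6238_SEED = b"12345678901234567890"
USERS = {
    "trader": {
        "salt": b"demo-salt-0001",
        "pw_hash": None,          # filled in by enroll() below
        "totp_seed": RFC6238_SEED,
    }
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the hash, never the password, is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def enroll(store: dict, user: str, password: str) -> None:
    store[user]["pw_hash"] = hash_password(password, store[user]["salt"])


def verify_password(store: dict, user: str, password: str) -> bool:
    rec = store.get(user)
    if rec is None or rec["pw_hash"] is None:
        return False
    candidate = hash_password(password, rec["salt"])
    return hmac.compare_digest(candidate, rec["pw_hash"])


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, step: int = 30,
                window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbours to tolerate clock
    drift; compare in constant time so timing does not leak digits."""
    current = int(at_time) // step
    return any(
        hmac.compare_digest(hotp(secret, current + d), code)
        for d in range(-window, window + 1)
    )


def single_factor_login(store: dict, user: str, password: str) -> bool:
    """The weaker model: a password alone grants access, so a shared,
    phished or shoulder-surfed password is sufficient."""
    return verify_password(store, user, password)


def two_factor_login(store: dict, user: str, password: str, code: str,
                     at_time: int) -> bool:
    """Password plus a TOTP code from a separately held device. Both checks
    always run, so a wrong password does not short-circuit and reveal which
    factor failed through response timing."""
    rec = store.get(user)
    if rec is None:
        return False
    pw_ok = verify_password(store, user, password)
    otp_ok = verify_totp(rec["totp_seed"], code, at_time)
    return pw_ok and otp_ok


enroll(USERS, "trader", "correct horse battery staple")

if __name__ == "__main__":
    # RFC 6238 test vector: the reference seed at Unix time 59 yields 287082
    print(totp(RFC6238_SEED, 59))
    print(single_factor_login(USERS, "trader", "correct horse battery staple"))
    print(two_factor_login(USERS, "trader", "correct horse battery staple", "000000", 59))
    print(two_factor_login(USERS, "trader", "correct horse battery staple", "287082", 59))
```

The point of the side-by-side is the failure mode the article describes: with `single_factor_login`, anyone who learns a colleague's password has that colleague's access, whereas `two_factor_login` also requires the current code from a device the password holder keeps, which a back-office insider cannot obtain from a sticky note or a shared desk. The clock-drift window is the one tuning knob worth noting; widening it trades a little replay resistance for fewer helpdesk calls.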
"The security team needs to explain the risk exposure and the possibility of losing billions in fraudulent trades if security is not adequately addressed," Reagan says. "But most security guys aren't well enough in tune with the business to be able to articulate a business case like that."
That disconnect can be enormously destructive, as the Société Générale incident shows. "The Société Générale case brings to the fore the fact that business risk can be directly exposed through IT," Crawford says. "Kerviel allegedly manipulated the IT controls on the business systems based on his midoffice experience and back-office [IT] knowledge and expertise."
Between Jan. 18 and Jan. 20, the bank discovered that Kerviel had established trading positions—bets that the price of securities and warrants would move in a particular direction—that were worth more than the bank itself. He bet wrongly, and unwinding those positions over the following three days cost the bank about $7.2 billion as it sold the stocks into a falling market.
As an arbitrage trader, Kerviel should have been making transactions in pairs, buying and selling similar assets to exploit the minute and fleeting differences in prices that exist in markets. Arbitrage trading is considered less glamorous than the one-way bets he secretly made from time to time by faking one half of a pair of transactions.