Pub. 2 2024 Issue 2

ARE BANKERS READY TO RESPOND TO CYBERSECURITY THREATS?

Preparing for the inevitable cyberattack is a never‑ending responsibility. Let’s gain insight into banking executives’ perspectives on their own cybersecurity readiness:

• Improving Cybersecurity Education: 92% of respondents agree — with 50% strongly agreeing — that their bank could improve cybersecurity education. If your employees receive a suspicious email, do they know the proper steps to report it? Educating employees on evolving threats and the latest social engineering schemes is one of the most effective ways to mitigate cyber risk.

• Understanding Cyber Risk: Most respondents (89%) agree they understand their institution’s cyber risk. But as risk continues to evolve, are banks keeping up with the latest threats? Understanding recent cyber incidents provides key insight into how bad actors execute attacks and helps institutions stay one step ahead. As discussed previously, consider implementing a cybersecurity framework to guide risk mitigation if you haven’t already.

• Producing a Business Case for Cyber Spending: An overwhelming majority (92%) of respondents feel their CISO can produce a strategic business case for cyber spending. Since cybersecurity affects the entire organization, it should be viewed as a business issue. IT governance helps your institution ensure your technology investments support your unique goals while mitigating IT- and cybersecurity-related risk. IT governance experts can also supplement your CISO’s efforts in making a business case for cyber spending.

While these responses are encouraging, many financial institutions stand to benefit from hosting internal discussions between their CISO and other C-suite executives to ensure everyone is on the same page and confident surrounding cybersecurity preparedness.
Additionally, they should focus on resource optimization, streamlined processes and a commitment to ongoing education to fortify their institution against the ever-changing threat landscape.

HOW DO BANKERS FEEL ABOUT CYBERSECURITY COMPLIANCE?

As cybersecurity threats increase, so does regulators’ emphasis on cybersecurity compliance, which involves fulfilling necessary regulatory requirements and implementing security controls for protection. This enhanced focus requires banks to uphold a secure IT infrastructure and proactively address risks. Given regulators’ increased focus on this area, it’s no surprise that 87% of bankers reported being at least somewhat concerned about cybersecurity compliance.

Survey results reveal that bankers are using a variety of methods and tools to stay compliant. The top tools used for cybersecurity compliance are conducting risk assessments and impact analysis studies (46%). Well-executed risk assessments are a key component of a cybersecurity plan because they help organizations identify and manage financial, operational and other risks associated with internal and external incidents.

WHY INSTITUTIONS SHOULD UNDERSTAND TOP CYBERSECURITY THREATS

Dealing with cybersecurity threats is nothing new for financial institutions. Still, institutions should exercise constant vigilance and stay abreast of the latest threats to ensure they mount the most effective defenses. By keeping a pulse on current threats and where the cybersecurity landscape is headed, your institution will be better positioned to keep your network, data and users secure.

Learn more about bankers’ perceptions of the 2024 financial services landscape in the full Banking Priorities Executive Report by scanning the QR code. https://www.csiweb.com/docs/banking-priorities-2024/

Steve Sanders serves as CSI’s chief risk officer and chief information security officer.
In his role, Steve leads enterprise risk management and other key components of CSI’s corporate compliance program, including privacy and business continuity. He also oversees threat and vulnerability management as well as information security strategy and awareness programs. With more than 15 years of experience focused on cybersecurity, information security and privacy, he employs his strong background in audit, information security and IT security to help board members and senior management gain a command of cyber risk oversight.

CURRENCY | 17
