Pub. 3 2024 Issue 3

Since banks must protect customer data, keeping up with evolving cyber threats and concerns is vital.

• Lack of Compliance with Cybersecurity Frameworks: 17% of bankers selected lack of compliance with cybersecurity frameworks as a top concern. Implementing robust cybersecurity frameworks, such as the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF), helps institutions identify and apply solid controls in high-risk areas. Proven frameworks also enable banks to maximize compliance initiatives and cybersecurity spending.
• Cyber Risks Not Being a Priority for Executive Leadership: This year, 17% of respondents indicated concern that cyber risks are not a priority for their institution’s executive leadership. Institutional leadership should recognize cybersecurity as a business issue, and a chief information security officer (CISO) plays an important role in guiding cybersecurity spending.

Are Bankers Ready to Respond to Cybersecurity Threats?

Preparing for the inevitable cyberattack is a never-ending responsibility. Let’s gain insight into banking executives’ perspectives on their own cybersecurity readiness:

• Improving Cybersecurity Education: 92% of respondents agree — with 50% strongly agreeing — that their bank could improve cybersecurity education. If your employees receive a suspicious email, do they know the proper steps to report it? Educating employees on evolving threats and the latest social engineering schemes is one of the most effective ways to mitigate cyber risk.
• Understanding Cyber Risk: Most respondents (89%) agree they understand their institution’s cyber risk. But as risk continues to evolve, are banks keeping up with the latest threats? Understanding recent cyber incidents provides key insight into how bad actors execute attacks and helps institutions stay one step ahead. As discussed above, consider implementing a cybersecurity framework to guide risk mitigation if you haven’t already.
• Producing a Business Case for Cyber Spending: An overwhelming majority (92%) of respondents feel their CISO can produce a strategic business case for cyber spending. Since cybersecurity affects the entire organization, it should be viewed as a business issue. IT governance helps your institution ensure your technology investments support your unique goals while mitigating IT- and cybersecurity-related risk. IT governance experts can also supplement your CISO’s efforts in making a business case for cyber spending.

While these responses are encouraging, many financial institutions stand to benefit from hosting internal discussions between their CISO and other C-suite executives to ensure everyone is on the same page and confident about cybersecurity preparedness. Additionally, they should focus on resource optimization, streamlined processes and a commitment to ongoing education to fortify their institution against the ever-changing threat landscape.

How Do Bankers Feel about Cybersecurity Compliance?

As cybersecurity threats increase, so does regulators’ emphasis on cybersecurity compliance, which involves fulfilling necessary regulatory requirements and implementing security controls for protection. This enhanced focus requires banks

NEBRASKA INDEPENDENT BANKER
