Executive Letter: Bolstering Your Bank’s Cybersecurity

Rose Oswald PoelsBy Rose Oswald Poels

WBA’s Secur-I.T. and BSA/AML Conference was held this week in Wisconsin Dells, and the event draws renewed attention to one of the top issues that members relay to me: cybersecurity. While this issue has been a concern for years, the risk of cyber-related breaches and attacks has grown exponentially in the past 18 months, with more consumers transacting business digitally than ever before. The risk is also further heightened with more employees, including bank employees, working remotely.

Many bank presidents share their frustration with me that cybersecurity seems to be a cost and reputational risk that no one has enough resources to guard fully against. Unfortunately, it is true that for a bank to have an effective cybersecurity strategy, it will require sufficient resources both in terms of staff and money. Respondents to a 2020 Deloitte survey of financial institutions reported spending about 10.9% of their IT budget on cybersecurity on average, up from 10.1% in 2019. In terms of spending per employee, respondents spent about $2,700 on average per full-time employee (FTE) on cybersecurity in 2020, up from about $2,300 the prior year.

Sending your employees to WBA training events on the topic, like today’s conference, is one way to ensure your team stays current on the most recent trends in cybersecurity and incident response techniques. FIPCO also offers assistance to banks in the area of cybersecurity through the services offered in the Information Security and Audit team. FIPCO provides a consultative approach to the review of a bank’s administrative, technical, and physical controls over the computing environment including protecting business systems. The FIPCO team provides consultation and advice to help institutions understand the who, what, where, and why of building an information security program to industry accepted practices that will meet today’s as well as future state, local, and federal regulations, and especially to deal with examiner comments. FIPCO can offer both solutions and expertise to help your bank. Finally, Midwest Bankers Insurance Services provides cyber insurance for your bank to help guard against losses. In their 2021 Cost of a Data Breach Report, IBM Security and the Ponemon Institute calculate that the average total cost of a data breach is $4.24 million, a 10% increase from 2020–2021. The per-record cost of personally identifiable information averaged at $180. If (or more like when in today’s environment) your bank experiences a cyber-related incident, MBIS agents will work side by side with your bank staff and the carrier to work through the proper steps to respond to such incidents.

Cybersecurity will never be an issue that disappears as our world only grows in its reliance on technology. Protecting your bank’s reputation and preserving your customers’ trust are critical to the success of your bank, which means that a cybersecurity breach or more serious incident can be detrimental to these goals. WBA remains an active partner with all of its member banks in helping to ensure your bank and staff are in the best position possible to protect against these threats, as well as respond to them as quickly and efficiently as possible.