Banks have been prime targets for cyber criminals, with breaches reported at many financial institutions, including some of the nation’s largest. In addition to large banks, there are over 6,000 community banks in the country, holding $3.8 trillion in assets, $3.0 trillion in deposits and $2.5 trillion in loans to customers, according to the Independent Community Bankers of America®. Cybersecurity at all banks, large and small, has been a focus of government regulators.
On February 1, 2016, the Federal Deposit Insurance Corporation published an article, “A Framework for Cybersecurity,” in the Winter 2015 edition of its Supervisory Insights newsletter. The article details the continuing cybersecurity threat to financial institutions, including community banks, and provides a framework for a robust cybersecurity program. It also summarizes prior government efforts to assist financial institutions in developing cybersecurity programs and contains references to many free cybersecurity resources available.
A key theme of the article is that bank board members and management must be involved in implementing a cybersecurity program. The article’s conclusion states that “Cyber risk is a substantial business risk. A bank’s board and senior management must understand the seriousness of the threat environment and create a cybersecurity culture throughout the organization. The effective identification and mitigation of cyber risk must be grounded in a strong governance structure with the full support of the board and senior management.”