OFFICIAL PUBLICATION OF THE INDEPENDENT COMMUNITY BANKERS OF COLORADO

Pub. 3 2024 Issue 3

2024’s Top Cybersecurity Threats

2024’s Top Cybersecurity Threats

As the process of protecting systems, networks and endpoints from attack, cybersecurity is critical to any organization. Since banks must protect customer data, keeping up with evolving cyber threats and concerns is vital. In its annual “Banking Priorities” survey, CSI asked bankers across the country about their views on top cybersecurity challenges. This article explores how bankers view the changing cybersecurity landscape.

Exploring Bankers’ Top Cybersecurity Concerns

As part of our country’s critical infrastructure, financial institutions are prime targets of cyberattacks and must navigate an evolving threat landscape. Let’s examine the breakdown of bankers’ top cybersecurity concerns in this year’s survey:

  • Adapting to Changes in the Cyber Insurance Market: The results reveal that 19% of bankers view this as their top concern, which is unsurprising as cyber incidents continue to rise. In addition to cybersecurity monitoring solutions and increased personnel training, cyber liability insurance provides another layer of protection for institutions in the event of an attack. This result highlights a potential uncertainty about upcoming developments in the cyber insurance market, whether regarding price increases or coverage exceptions. Institutions should carefully review their coverage, and some are seeking assistance from IT governance services to evaluate their needs.
  • Being Unprepared to Respond to a Cyberattack: 18% of bankers expressed concern with their preparedness for cyberattack responses. As incidents evolve, institutions must ensure they plan accordingly, including developing and testing robust incident response plans (IRPs) that detail the steps to take in the event of a cybersecurity incident. Having an established IRP makes it easier for institutions to act decisively and minimize negative consequences if faced with a cyberattack.
  • Lack of Compliance with Cybersecurity Frameworks: 17% of bankers selected lack of compliance with cybersecurity frameworks as a top concern. Implementing robust cybersecurity frameworks, such as the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF), helps institutions identify and apply solid controls in high-risk areas. Proven frameworks also enable banks to maximize compliance initiatives and cybersecurity spending.
  • Cyber Risks Not Being a Priority for Executive Leadership: This year, 17% of respondents indicated concern that cyber risks are not a priority for their institution’s executive leadership. Institutional leadership should recognize cybersecurity as a business issue, and a chief information security officer (CISO) plays an important role in guiding cybersecurity spending.

Are Bankers Ready to Respond to Cybersecurity Threats?

Preparing for the inevitable cyberattack is a never-ending responsibility. Let’s gain insight into banking executives’ perspectives on their own cybersecurity readiness:

  • Improving Cybersecurity Education: 92% of respondents agree — with 50% strongly agreeing — that their bank could improve cybersecurity education. If your employees receive a suspicious email, do they know the proper steps to report it? Educating employees on evolving threats and the latest social engineering schemes is one of the most effective ways to mitigate cyber risk.
  • Understanding Cyber Risk: Most respondents (89%) agree they understand their institution’s cyber risk. But as risk continues to evolve, are banks keeping up with the latest threats? Understanding recent cyber incidents provides key insight into how bad actors execute attacks and helps institutions stay one step ahead. As discussed previously, consider implementing a cybersecurity framework to guide risk mitigation if you haven’t already.
  • Producing a Business Case for Cyber Spending: An overwhelming majority (92%) of respondents feel their CISO can produce a strategic business case for cyber spending. Since cybersecurity affects the entire organization, it should be viewed as a business issue. IT governance helps your institution ensure your technology investments support your unique goals while mitigating IT- and cybersecurity-related risk. IT governance experts can also supplement your CISO’s efforts in making a business case for cyber spending.

While these responses are encouraging, many financial institutions stand to benefit from hosting internal discussions between their CISO and other C-suite executives to ensure everyone is on the same page and confident surrounding cybersecurity preparedness. Additionally, they should focus on resource optimization, streamlined processes and a commitment to ongoing education to fortify their institution against the ever-changing threat landscape.

How Do Bankers Feel about Cybersecurity Compliance?

As cybersecurity threats increase, so does regulators’ emphasis on cybersecurity compliance, which involves fulfilling necessary regulatory requirements and implementing security controls for protection. This enhanced focus requires banks to uphold a secure IT infrastructure and proactively address risks. Given regulators’ increased focus on this area, it’s no surprise that 87% of bankers reported being at least somewhat concerned about cybersecurity compliance.

Survey results reveal that bankers are using a variety of methods and tools to stay compliant. The top tools used for cybersecurity compliance are conducting risk assessments and impact analysis studies (46%). Well-executed risk assessments are a key component of a cybersecurity plan because they help organizations identify and manage financial, operational and other risks associated with internal and external incidents.

Why Institutions Should Understand Top Cybersecurity Threats

Dealing with cybersecurity threats is nothing new for financial institutions. Still, institutions should exercise constant vigilance and stay abreast of the latest threats to ensure they mount the most effective defenses. By keeping a pulse on current threats and where the cybersecurity landscape is headed, your institution will be better positioned to keep your network, data and users secure.

Steve Sanders serves as CSI’s chief risk officer and chief information security officer. In his role, Steve leads enterprise risk management and other key components of CSI’s corporate compliance program, including privacy and business continuity. He also oversees threat and vulnerability management as well as information security strategy and awareness programs. With more than 15 years of experience focused on cybersecurity, information security and privacy, he employs his strong background in audit, information security and IT security to help board members and senior management gain a command of cyber risk oversight.

Get Social and Share!

Sign Up to Receive this Publication in your inbox

More In This Issue