Cybersecurity experts expect the trend toward increasingly sophisticated cyber-attacks to continue in the near future. And the financial services industry, a vital component of the nation’s critical infrastructure, remains a prime target for cyber criminals.
Cyber risks, like reputational and financial risks, have the ability to affect a bank’s bottom line. They can be costly and can compromise customer confidence, and, in some cases, the bank could be held legally responsible. Beyond the impact to an individual bank, cyber risks have far-reaching economic consequences. Due to the inherent interconnectedness of the Internet, a security breach at a few financial institutions can pose a significant threat to market confidence and the nation’s financial stability.
This reinforces the notion that safeguarding against cybersecurity threats is not a problem that can be addressed by any one bank. To adequately deal with the persistent threat of cyber-attacks, financial institutions and bank regulators must come together, collaborate, identify potential weaknesses, and share industry standards and best practices.
The goal of this document is to provide you, the bank CEO, with a non-technical, easy-to-read resource on cybersecurity that you may use as a guide to mitigate cybersecurity risks at your bank. This resource guide puts in one document industry-recognized standards for cybersecurity, best practices currently used within the financial services industry, and an organizational approach used by the National Institute of Standards and Technology (NIST). While this resource guide is tailored for the community bank CEO and executive staff, all bank CEOs can benefit from this guide regardless of a bank’s cybersecurity inherent risk.
While this resource guide does not guarantee protection against cybersecurity threats, it attempts to identify various resources—including people, processes, tools and technologies—that financial institutions can use to reduce the potential for a cyber-attack.