Bank executives and directors have listed cybersecurity as their top risk concern in five prior versions of this survey, so finding that they’re more—rather than less—worried could be indicative of the industry’s struggles to wrap their hands around the issue. This is a well done survey by Bank Director and worth the read.
Here are some headline findings: (you can find the full article here)
- Three-quarters of respondents reveal enhanced concerns around interest rate and cyber risk as top concerns.
- The percentage indicating their bank employs a CISO ticked up by seven points from last year’s survey and by 17 points from 2017.
- The CISO holds additional responsibilities at the bank (49 percent) or focuses exclusively on cybersecurity (30 percent)—a practice more common at banks above $10 billion in assets.
- How bank boards adapt their governance structures to effectively oversee cybersecurity remains a mixed bag. Cybersecurity may be addressed within the risk committee (27 percent), the technology committee (25 percent) or the audit committee (19 percent).
- Eight percent of respondents report their board has a board-level cybersecurity committee. Twenty percent address cybersecurity as a full board rather than delegating it to a committee. A little more than one-third indicate one director is a cybersecurity expert, suggesting a skill gap some boards may seek to address.
- The regulatory relief package, passed in 2018, freed banks between $10 billion and $50 billion in assets from stress test requirements. Yet, 60 percent of respondents in this asset class reveal they are keeping the Dodd-Frank Act (DFAST) stress test practices in place.
- For smaller banks, more than three-quarters of those surveyed say they conduct an annual stress test.
- Following a statement issued by federal regulators late last year, 71 percent indicate they have implemented or plan to implement more innovative technology in 2019 to better comply with Bank Secrecy Act/anti-money laundering (BSA/AML) rules. Another 10 percent will work toward implementation in 2020.
- Despite buzz around artificial intelligence, 63 percent indicate their bank hasn’t explored using AI technology to better comply with the myriad rules and regulations banks face.