BRENTWOOD, Tenn.—The leaders of the nation’s banks are more worried than ever about cybersecurity, a new report reveals.
Eighty-three percent of chief risk officers, chief executives, independent directors and other senior executives of U.S. banks responding to Bank Director's 2019 Risk Survey say their concerns about cybersecurity have increased over the past year.
Executives and directors have listed cybersecurity as their top risk concern in five prior iterations of Bank Director's annual survey, which is based on the views of 180 executives representing banks ranging from $250 million to $50 billion in assets, and which assesses the current risk landscape, including cybersecurity oversight, risk governance, the impact of regulatory relief on risk practices, the potential effect of rising interest rates and the use of technology to enhance compliance.
Can’t Wrap Arms Around Issue
“Finding that these leaders are more—rather than less—worried about cybersecurity could be indicative of the industry's struggles to wrap their hands around the issue,” the Risk Survey found.
Among the findings in the latest survey:
- The majority of bank boards tend to oversee cybersecurity within a committee rather than as a full board, but exactly which committee is focused on the task is a mixed bag. Twenty-seven percent of respondents say their board addresses cybersecurity within the risk committee, 25% within the technology committee and 19% within the audit committee.
- Board-level cybersecurity committees remain rare: Just 8% report their board has one. And roughly one-third indicate one director is a cybersecurity expert, suggesting a skill gap some boards may seek to address.
- More banks are hiring chief information security officers. Thirty percent indicated the CISO focuses exclusively on cybersecurity—a practice more common at banks above $10 billion in assets. Almost half say their bank's CISO holds additional responsibilities within the organization.
More Findings
The 2019 Risk Survey, which was conducted in January 2019, also found:
- Rising concerns around interest rate risk: 58% expect to lose deposits if the Federal Reserve raises interest rates by more than one hundred basis points (1 percentage point) over the next 18 months. Thirty-one percent lost deposit share in 2018 as a result of rate competition.
- Stress testing yields benefits: 60% of respondents from banks between $10 billion and $50 billion in assets reveal they are keeping Dodd-Frank Act stress test practices in place, despite passage of the regulatory relief package last year. The Economic Growth, Regulatory Relief and Consumer Protection Act freed banks from this requirement.
- More than three-quarters of those surveyed from banks below $10 billion say their bank conducts an annual stress test.
- Following a statement issued by federal regulators late last year, 71% indicate they have implemented or plan to implement more innovative technology in 2019 to better comply with Bank Secrecy Act/anti-money laundering (BSA/AML) rules. Another 10% will work toward implementation in 2020.
- Despite buzz around artificial intelligence, 63% indicate their bank hasn't explored using AI technology to better comply with the myriad rules and regulations banks face.