February 26, 2022 / VOLUME NO. 198


Cybersecurity in the Spotlight

The Russian invasion of Ukraine has put governments around the world on high alert. Continued military incursion and the retaliatory response of economic sanctions and other actions have once again brought cyberattacks and cybersecurity into the forefront for banks in the United States, both big and small. 

Ahead of the Feb. 23 invasion, government officials, including the Treasury Department, met with several big bank CEOs to discuss cyber defenses and the potential of coordinated Russian hacking. Outside of governments, groups like the Financial Services Information Sharing and Analysis Center are also watching for threats. 

“Our global intelligence team has set up the appropriate communication channels to equip the financial services industry with the pertinent cybersecurity information and guidance,” said FS-ISAC CEO Steve Silberstein in a statement to The New York Times.

To that end, Bank Director is resharing its guide to cybersecurity questions and select considerations for bank boards to discuss their own institution’s defenses and resiliency. The list accompanied our fourth quarter 2021 magazine article about ransomware, but remains relevant for any potential cyber threat and attack. Directors should also engage with external resources on specific concerns and strategies that are appropriate for their bank.

1. Is Our Data Secure?

Is bank data encrypted? Are there copies stored in secure, offline backups? Do we use technology that could detect if an attacker has gained access to our systems?

2. What Tools Do We Have at Our Disposal?

Is our network configured to its strongest setting? What’s our process for ensuring software is immediately patched when a vulnerability is discovered, and are excuses and delays tolerated in our organization? What are the ongoing investments the bank is making to maintain its cybersecurity infrastructure? What areas should we consider improving?

3. What Is the Bank’s Third-Party and Vendor Risk?

What kind of risks do our vendors create for us, and how do we address that? How do we monitor broad threats that might target our vendors or our competitors? 

4. What Is Our Incident Response Program?

What is the bank’s backup and recovery plan? Who will we reach out to externally after an attack, such as our cyber insurer, law enforcement contacts, regulators and other forensic experts? 

5. Would We Ever Pay a Ransom?

Is there any situation where we would consider paying a ransom? What steps are we prepared to take to avoid paying a ransom?

• Kiah Lau Haslett, managing editor of Bank Director


Should More Community Banks Be B Corporations?

Does B corporation status give some community banks an edge for customers and talent?

“A lot of banks probably could be certified as B corp, because inherently what they do is all about the mission in their respective community.” — Bryan Toft, Sunrise Banks

• Emily McCormick, vice president of research for Bank Director

Read Article

Using Modern Compliance to Serve Niche Audiences

Banks can create appropriate safeguards that allow them to creatively address the needs of communities through niche and targeted offerings.


How Bankers Can Use Relativity to Power Tech Decisioning

Tech-forward banks stay innovative by leveraging a concept from physics in order to speed up their decision-making process.


Creating a Better Business Banking Experience

Building and strengthening relationships with business account holders is becoming a bigger priority for all banks.


A Front Row Seat on Banking’s Consolidation

Stream the latest episode of Bank Director’s podcast, The Slant, on Spotify and Apple Music!