How to Prepare Your Board for Complying with Cybersecurity Regulations
A year ago, regulators in New York decided to crack down on cybersecurity. The New York State Department of Financial Services released a new set of regulations (23 NYCRR Part 500) requiring banks and other financial institutions to establish a stricter cybersecurity program. Among other things, this includes reporting cybersecurity events, such as data breaches, ransomware, and phishing attacks, that could potentially harm consumer data.
The new regulations also require covered companies to certify to the New York State Department of Financial Services at least annually that their cybersecurity procedures are in place and operating appropriately. Banks must file this certification for the first time by February 15, 2018.
Let's see... regulation and banking. It might not sound like anything new to you, but there is one catch: this certification must be signed by your bank's board of directors (or a senior officer). Why is this a catch? According to a survey by compliance provider Diligent, distributed by Bank Innovation, more than 60% of board members from various banks and financial institutions indicated they are not required to complete any cybersecurity training to serve in their role. Only half of the 381 respondents indicated they had completed any sort of cybersecurity training for their position in the past year.
So, given the current state of board competency in cybersecurity, how can banks better prepare their boards to meet this compliance obligation?
Ultimately, access to the relevant information alone is not enough. Top executives and board members must complete cybersecurity training courses, become familiar with basic security measures, and be diligent and intentional in their daily communication. You can't rely on your IT team to have everything in place for you. Your bank's CISO (the regulation requires a designated CISO who reports to the board) must have a standing reporting line at the board table at every meeting, so that awareness of both large and small cyber attacks is always present.
How familiar is your bank's board with the state of cybersecurity in your organization and in the immediate threat landscape? Do you need to implement any of the recommendations discussed here?