77% of Banks Surveyed List Cybersecurity as an Area of Concern, CISO Plays Important Role

The survey was conducted in January of 2016 by BankDirector.com where they asked executives and board members at 161 different financial institutions of various sizes a wide range of questions regarding culture, preparedness, and concerns related to risk.

My key takeaways for banks under $1B (where most of my focus lies):

• 77% of respondents listed cybersecurity as a concern, compliance being a distant second at 46%
• 37% didn't have a full-time CISO, 75% of those stating the responsibility lies with IT staff, 7% with the Risk Officer, and 18% assigned it to "Other"
• Only 50% have completed the FFIEC CAT
• Only 41% of those completing the CAT have implemented a plan to attain their target maturity level
• The report did a break-down in most categories, comparing preparedness of those with a CISO and those without, and in almost every category, the banks with a CISO were more prepared than those who assigned the duties elsewhere

If this is your situation, there are ways to achieve the  benefits of a full-time CISO at a fraction of the cost.  It may be time to consider alternative approaches to strengthen and enhance your cybersecurity program.

Read the full report here...