Banking industry still lags on cybersecurity
More respondents (34 percent) say their boards are reviewing cybersecurity at every board meeting, compared to 18 percent in last year's survey, indicating an enhanced focus on cybersecurity oversight.
Additionally, more banks are now employing a chief information security officer (CISO), who is responsible for day-to-day management of cybersecurity.
However, the survey results also reveal that many banks still aren't doing enough to protect themselves—and their customers.
Less than 20 percent of respondents say their bank has experienced a data breach, but those who do are just as likely to represent a small institution as a large one, further proof that cybersecurity can no longer be discussed as only a "big bank" concern.
The 2016 Risk Practices Survey examines risk governance trends at U.S. banks, including the role of the chief risk officer and how banks are addressing cybersecurity.
The survey was completed in January by 161 independent directors, chief risk officers (CRO), chief executive officers (CEO) and other senior executives of U.S. banks with more than $500 million in assets. ■