Pub. 14 2019-2020 Issue 4

WWW.NEBANKERS.ORG 20 midsize respondents, this cybersecurity spend was much lower than the $2,700 cited by their large respondents. When it comes to building a successful cybersecurity program, however, the report noted that advanced respondents did NOT necessarily spend more on cybersecurity than less advanced re- spondents. The biggest takeaway fromthe report is HOW a cyber- security program is planned, implemented, and managed is more effective than the percentage of revenue allocated to cybersecurity. Key Characteristics of a Successful Cybersecu- rity Program Deloitte’s study also identified the three key characteristics of financial institutions that have built successful and effective cybersecurity programs, including: Involvement Effective cybersecurity programs commonly have secured strong executive and board involvement. Involved executiveman- agement monitors cybersecurity risk in the same perspective as financial risk, lending risk, compliance risk and other company risks. One of the major report findings is that a lack of manage- ment support and inadequate funding was a leading challenge among respondents. Going beyond setting the overall security strategy, the report found engagedmanagement reviewed threats and cybersecurity risks, monitored the cybersecurity program, and assessed their organization’s vulnerability to a third party’s public breach. Better awareness of threats and cyber risk, along with the implications of a cyber incident to the institution, ac- celerates management engagement, and focus the management team on the institution’s current challenges while maintaining appropriate funding. 2 © 2019 SBS CyberSecurity, LL the $2,300 per FTE estimate from the Deloitte report appears to be at the 90 bps range for the average performin community based financial institution. The Deloitte report noted small respondents budgeted a lesser percentage of their revenue (20 bps) on cyber than di midsize (50 bps) or large companies (40 bps). While small responden s’ average spend of $2,100 per FTE match that o midsize respondents, this cybersecurity spend was much lower than the $2,700 cited by their large respondents. When it comes to building a successful cybersecurity program, however, the report noted that advanced respondents di NOT necessarily spe ore on cybersecurity th n less advanc d res ondents. The biggest take w y from the report i HOW a cybersecurity program is planned, implemented, and managed is more effective than the percentage of revenu allocated to cybersecurity. Key Characteristics of a Successful Cybersecurity Program Deloitte’s study also identified the three (3) key characteristics of financial institutions that have built successful an effective cybersecurity programs, including: Involvement Effective cybersecurity programs commonly have secured strong executive and board involvement. Involved executiv management monitors cybersecurity risk in the same perspective as financial risk, lending risk, compliance risk an other company risks. One of the major report findings is that a lack of management support and inadequate fundin was a leading challenge among respondents. Going beyond setting the overall security strategy, the report foun engaged management reviewed threats and cybersecurity risks, monitored the cybersecurity program, and assesse their organization’s vulnerability to a third party’s public breach. Better awareness of threats and cyber risk, alon with the implications of a cyber incident to the institution, accelerates management engagement, and focus th management team on the institution’s current challenges while maintaining appropriate funding. Alignment Cybersecurity is an enterprise issue that goes beyond information technology. Effective cybersecurity program recognize that cyber threats are one of the most critical risk exposures facing the financial industry. Cybersecurity i not merely a technology issue. While the cybersecurity program may have originated in the IT function, effectiv programs raise the profile of cybersecurity at the institution, allowing decision-making to be independent of othe Total Per FTE Total Per FTE Total Per FTE $50 m 2,470 $ 9.524 4,940 $ 519 $ 7,410 $ 778 $ 22,230 $ 2,334 $ $100M 4,940 $ 19.048 9,880 $ 519 $ 14,820 $ 778 $ 44,460 $ 2,334 $ $500M 24,700 $ 95.238 49,400 $ 519 $ 74,100 $ 778 $ 222,300 $ 2,334 $ $1 B 49,400 $ 190.476 98,800 $ 519 $ 148,200 $ 778 $ 444,600 $ 2,334 $ Spend 30 bps Spend 20 bps Spend 90 bps Revenue 4.94% (1,000) Average Assets FTE Tech Talk — continued fro page 19 Since 1857, Cline Williams has devoted attention t the unique needs of the banking nd nancial services industries. Since th n, we have provided our clients with the resources they need in the areas that are most important to them – from lending and collections, to regulatory compliance, to mergers and acquisitions, and so much more. We’re more than a law rm. We’re a partner for your bank. | | | | |