What You Need to Know from the 2023 Cybersecurity Outlook for Community Banks and Credit Unions

As cyber threats become more complex, aggressive, and prevalent, implementing cybersecurity mitigation strategies is becoming more critical in the financial services sector. Not surprisingly, cyber preparedness and budget restraints are the top security challenges for more than half of the financial institutions that responded to the Safe Systems survey, 2023 Cybersecurity Outlook for Community Banks and Credit Unions.

Our analysis presents input from approximately 160 participants who responded to 55 questions (including multiple-choice) based on how relevant each query was to their organization.* In addition to focusing on the top security challenges, the survey highlights respondents’ input on several other critical areas, including:

  • Prevention and Detection Security Layers: Modern operating environments require a more robust security strategy, one that goes beyond implementing a basic firewall or anti-malware solution, to protect information and infrastructure from the growing number of cyber threats. Survey respondents are implementing multiple security layers, including firewall, patch management, anti-malware, email encryption, employee training and testing, vulnerability monitoring, and security log monitoring. However, fewer than 50% of all respondents use every security layer listed in the survey, which indicates they can do more to protect themselves against cyberattacks.
  • Employee Security Awareness Training and Testing: According to the 2022 Global Risk Report by the World Economic Forum, 95% of all cybersecurity issues can be linked to mistakes made by individuals, and 43% of breaches are attributed to insider threats. This makes employee security awareness training and testing critical for financial institutions. Accordingly, survey respondents are deploying multiple types of security training, including simulated phishing attacks, self-service online training and exercises, interactive classroom training, and more. Of the 144 participants responding to this question, 60% indicate they conduct individual training based on need, which is notable because this method of instruction normally requires more time and resources.
  • Advanced Firewall Features: A majority of the participants responding to this question indicate that they are using one or more advanced firewall (or next-gen firewall) features, such as intrusion prevention or detection systems (IPS/IDS), Transport Layer Security (TLS)/Secure Sockets Layer (SSL), and Geo-IP filtering. Whether managed in-house or through an outside provider, these expanded capabilities can help institutions protect their networks against a broad array of threats. Sandboxing, for example, provides a safe, isolated environment to execute and observe potentially malicious code from unverified programs, files, suppliers, users, or websites. Out of 135 respondents, only 24% indicate they have sandboxing despite its ability to identify threats.
  • Cybersecurity Preparedness: Examiners recognize the increasing volume and sophistication of cyber threats and have an increased focus on cybersecurity preparedness in assessing the effectiveness of an institution’s overall information security program. Out of 128 respondents, 52% confirm that the focus on information security, including cybersecurity, has increased during their IT audits and exams. IT examiners and auditors are also reviewing whether institutions have completed any of the common cybersecurity assessments (e.g., CAT, ACET, or CRI/NIST), and they are using them to evaluate institutions’ security posture during an exam. According to the same respondents, 43% say they had their cybersecurity assessment reviewed and used as part of their latest IT exam, and 39% indicate that they received recommendations based on it.

To access the complete survey and gain valuable peer-to-peer insights that can help your institution enhance its cybersecurity decision-making process, read “2023 Cybersecurity Outlook for Community Banks and Credit Unions”.

* The number of respondents varies per question. For multiple-choice questions, the Percent (Respondents) is calculated by dividing each answer count by the total unique respondents, and the Percent (Answers) is calculated by dividing each answer count by the total counts collected.

