Content area
Community banks and credit unions with inadequate programs to fight cyber risk may soon be hearing about it from their examiners. New cybersecurity regulatory assessments -- now being piloted at more than 500 community-sized institutions as part of regular safety and soundness exams -- are meant largely to help authorities gauge cyber-risk readiness at smaller banks that lack the resources available to their larger counterparts. Cybersecurity experts say the assessments are likely to address the level of engagement and accountability of boards and senior-level experts as they relate to the institution's technology risk management. Some analysts note that the practice of outsourcing has led some executives to believe, wrongly, that they have outsourced the risk.