A recent BAI Banking Strategies article noted that in a survey of more than 200 U.S.-based security leaders, 60 percent of respondents stated they were certain they had been victimized, or had reason to believe they might have been victims, of social engineering attacks. Of those attacks, 65 percent of the malicious activity pertained in some way to employees’ login credentials, and 17 percent involved accounts belonging to customers.
Given this reality, financial institutions must evaluate their cybersecurity postures in order to maintain integrity with customers, employees and the industry as a whole. The article suggested four proactive moves institutions should consider:
- Ensure you have a senior-level executive on your team dedicated to overseeing your cybersecurity program. Ideally, they should be a member of your C-suite or a chief security officer.
- Explore options for managed detection and response (MDR) partners who can monitor, detect and respond to threats, leveraging both technology and human analysis to augment your staff, freeing them to focus on other high-priority objectives.
- Evaluate potential partners to ensure you have complete visibility into what happens behind the scenes of your security provider’s operations.
- Employ periodic penetration test assessments to stay a step ahead of the hackers and identify whether your systems, services and data are exposed to malicious actors.
While threats raise concerns for every enterprise, the stakes become even greater for financial institutions because of the sensitive nature of the information they keep. Security represents a complex and evolving area. While the tips outlined above make for a good start to secure your organization’s sensitive information, remember, it’s just a start.

CIOs are pressured to make decisions that favor business agility above all else, so with CIOs security can be an afterthought compared with functional viability. CISOs, by contrast, have "security" in their job titles for a reason, but a CISO who reports to a CIO or other IT operations manager is unlikely to report his or her boss to the legal department for inevitable compliance failures.
Over the past few years, federal and state regulatory bodies have started dictating that CISOs report to a risk officer, the general counsel, the CEO, or even straight to the board of directors. This is because the CISO position is no longer a niche technology role. Cyber presence is sufficiently ubiquitous today that, for many enterprise organizations, the Internet is their primary go-to-market platform.

Once organizations understand that cybersecurity is about monetary risk, and that it is a business issue rather than a tech issue, more and more institutions will recognize that CISOs deal with far heavier risk assessment and risk management issues than generalist IT leaders do, to the point where their job is all about risk and only incidentally about IT.
According to a 2018 PwC Global Investor Survey, cybersecurity was the No. 1 threat to business. Since the CISO is, first and foremost, a risk manager, it makes sense that the CISO needs to be part of the organization's risk hierarchy instead of the IT department. It’s time to elevate the CISO to the right place in the organization. Welcome to the C-suite, Mr. CISO.
NXTsoft advocates for a C-suite level CISO at all financial institutions and has created several cybersecurity training, education and security products to help make the CISO job easier and more effective at combating cyber threats. Our ThreatAdvice vCISO solution can assist in all areas of security oversight.