June 8, 2024 / VOLUME NO. 317

The Boardroom Nag

Chief information security officers have a tough job. They’re confronting an increasing and evolving set of risks. And on top of it all, they don’t always get a lot of respect in the boardroom.

At least, those are the results the cybersecurity firm Trend Micro published in April in a survey of 2,600 global information security officers. The survey found that 79% felt pressure from their boards to downplay risks, and two-fifths of those felt like they were seen as repetitive, nagging or overly negative.

Although the survey wasn’t specific to banking, Cy Sturdivant, a principal at the professional services firm Forvis Mazars LLP, says he’s careful not to nag when he presents to bank boards about their institution’s security. Instead, he wants to engage the board in a discussion of the bank’s risks and encourage directors to provide credible challenge to management. To do so, board members must educate themselves about cybersecurity. Sturdivant recommends at least one cyber expert be on the board. Individual board members should ask CISOs for recommendations on resources that would bring them up to speed on risks. 

Getting the board’s attention isn’t always easy, however. The bigger the bank, the busier the board meeting agenda, where cybersecurity vies for attention amid discussions of rising interest rates, liquidity, growth and profitability. 

But despite the difficulties of focusing on cybersecurity, boards would do well to educate themselves enough to ask tough questions of management, hold the cybersecurity team accountable and oversee evolving threats. Failing to do so could put the bank at risk. 

In the Trend Micro survey, 34% of CISOs said cybersecurity was still treated as part of information technology rather than a business risk. Most bank boards do understand cyber is a significant risk, Sturdivant says. He worries about those boards that don’t. “Instead of viewing this as a compliance exercise, [board members] should have an understanding and a desire to build the best cyber program to keep their bank and their customers safe,” he says. 

• Naomi Snyder, editor-in-chief for Bank Director

Funding Fears Transform Into Profitability Woes

The impact of higher-cost funding is showing up in bank margins, leading to an increase in unprofitable community banks at the end of 2023.


“There’s not a God-given right to having a high net interest margin.” — Jeff Davis, Mercer Capital 

• Kiah Lau Haslett, banking & fintech editor for Bank Director

Insights Report: Fighting Payments Fraud on All Fronts

Fraud mitigation can never be 100% foolproof, but technology can help banks fight bad actors.

Model Validation and Bank Examiners' Rising Expectations

As the banking environment continues to change, bankers face increased pressure and expectations to verify that the models they use behave as expected.

Is Low-code or No-code Software Worth It for Banks?

Low-code and no-code platforms are reshaping financial software development, democratizing innovation, slashing costs and accelerating time to market.

The CFPB Is Here to Stay. What's Next for Community Banks?

Fee income could get tighter and scrutiny could ramp up after a Supreme Court ruling affirmed the constitutionality of the Consumer Financial Protection Bureau’s funding structure.

About Bank Director

Bank Director provides research, peer-insight and executive and board services to the financial industry. CEOs, CFOs, Chairs and leadership teams at financial institutions, fintechs and financial services firms turn to Bank Director to keep pace with their ever-evolving business landscape.