Jones Walker LLP today announced the release of its 2024 Community and Mid-Size Banks Cybersecurity Survey, the fourth in the law firm’s series of industry-focused, biannual cybersecurity studies. The comprehensive report highlights significant vulnerabilities and areas for improvement among community and mid-size banks in the United States.
Based on responses from 125 banking executives, including senior risk, technology, and information security leaders, the survey provides a detailed assessment of the current state of cybersecurity awareness, confidence, and preparedness in the banking sector.
This survey is the national law firm’s fourth on the topic of cybersecurity for critical industries. In 2018, the firm’s first survey focused on the greater maritime industry. The second survey, in 2020, focused on the midstream oil and gas sector, and in 2022, the third survey focused on the nation’s ports and terminals.
“Cyber threats are evolving rapidly, and community and mid-size banks must enhance their cybersecurity posture to protect their customers and assets,” said Andy Lee, a partner and co-leader of Jones Walker’s privacy, data strategy, and artificial intelligence team and Technology Industry Team. “Our survey reveals that while banks are aware of the risks, many are not taking sufficient proactive measures to prevent breaches.”
Tom Walker, a partner on the firm’s Banking & Financial Services Industry Team and a former community bank executive vice president and director, said, “Third-party vendors are a critical resource for community banks, but also a significant source of risk. As our survey clearly points out, community and mid-size banks can do more to mitigate the risks posed by third-party vendors to their information systems, reputations, and customers’ data by following industry and regulatory standards for planning, due diligence, selection, contract negotiation, and monitoring.”
“Banks are highly regulated, but many third-party vendors are not. It is critical that banks conduct thorough due diligence on their vendors and ensure robust contractual protections are in place,” added Rob Carothers, a partner on the firm’s Banking & Financial Services Industry Team.
“As big banks continue to bolster defenses with sophisticated security technologies, cybercriminals are shifting focus to community and other smaller banks,” warned Jason Loring, a partner and co-leader of Jones Walker’s privacy, data strategy, and artificial intelligence team. “AI-based tools, however, can serve as a great equalizer for smaller banks that may have more limited resources, so long as those tools are implemented responsibly. This can help these banks maintain levels of fraud protection, regulatory compliance and operational efficiency commensurate with larger institutions.”
“We urge small and mid-size banks to shift their security mindset to one focused on cyber resilience, which emphasizes the need to anticipate new threats and continuously improve cybersecurity measures, rather than the traditional notion of achieving a static state of cybersecurity,” encouraged Lara Sevener, a partner and co-leader of the firm’s Technology Industry Team. “As security threats are constantly evolving, focusing on a culture of cyber resilience – in which organizations implement a holistic approach that includes anticipation of cyber threats likely to occur, implementation and continuous improvement of security practices and defenses, and a strong focus on business continuity in the wake of an attack – will help to minimize the disruption and negative impacts caused by any future cyber event.”
Based on the findings, the report urges banks to:
Given community and mid-size banks’ unique position at the center of local and regional economies and the trillions of dollars in assets and loans they collectively manage, they are a prime target for threat actors. We commend the strides the sector has taken so far and urge stakeholders to bolster their cyber readiness to further improve their banks’ defenses.
The 2024 Community and Mid-Size Banks Cybersecurity Survey is part of Jones Walker’s ongoing commitment to provide valuable insights into cybersecurity trends across critical industries.
About Jones Walker
Jones Walker LLP (joneswalker.com) is among the largest 145 law firms in the United States. With offices in Alabama, Arizona, the District of Columbia, Florida, Georgia, Louisiana, Mississippi, New York, and Texas, we serve local, regional, national, and international business interests. The firm is committed to providing a comprehensive range of legal services to major multinational public and private corporations, Fortune® 500 companies, money center banks, worldwide insurers, and emerging companies doing business in the United States and abroad.
All of the sources quoted in this news release are available for interviews and private briefings. Please follow a discussion about our 2024 Community and Mid-Size Banks Cybersecurity Survey on LinkedIn: #JonesWalkerCyberSurvey.