Cyber and Technology Risk Management Forum, Park City, UT

Transformational change needed due to accelerating risks • Add cyber talking points to every speaking event. Shift thinking from compliance. • Require EIC to discuss cybers at each intro and exit meeting. • Strengthen IT training – include all non-IT examiners. • Share the “Best Practice” documents with every bank’s CEO. • Review/strengthen the state’s IT/ Cyber examination procedures. • Ask for additional resources – or reallocate resources to cyber.

Steps SBDs should Consider: (Cont.)

• Action Items: • Evaluate if your banking department has the right focus on cyber. • Put cyber in every kick-off and board meeting • Talk to bankers about security thinking (NIST - use CSBS Cybersecurity 101) • Direct bankers to CIS Top 20 (fka SANS Top 20) • Share Bankers ECTF Best Practices