On April 17th, Tandem released the 2nd annual report, The State of Cybersecurity in the Financial Institution Industry. In order to understand the industry better, Tandem distributed a 51-question survey to individuals at financial institutions. The survey remained open from November 1, 2019, through January 31, 2020. At the end of that timeframe, Tandem had received 252 completed survey responses.

A panel of Tandem security and compliance experts analyzed the survey data to understand how financial institutions are managing cybersecurity. By studying and parsing the data, the panel identified several interesting observations and a few conclusions. Here are just a few of the many trends discovered in the report:

  • Only 33% of institutions have a Board member with cybersecurity or IT experience.
  • Of those surveyed, 37% plan to increase their budget for cybersecurity.
  • 84% of institutions surveyed reported they evaluate cybersecurity controls of vendors.
  • A large majority (82%) use the FFIEC Cybersecurity Assessment Tool as their primary method of evaluating cybersecurity maturity.
  • The top 3 incidents experienced in 2019 were social engineering, third-party compromise, and accidental security breach by an employee.

To see the full analysis, download the free report: https://tandem.app/2020-survey-report

About the report

Out of 252 respondents, 80% represented banks, 15% represented credit unions, and 5% represented other institutions such as mortgage and trust companies. The asset size of the institutions fell into a bell curve across the spectrum, with 62% representing institutions with assets of $100 Million to $1 Billion: a good representation of community banks.

Tandem divided the report information into eight categories:

  1. Board Oversight
  2. Staffing & Planning
  3. Budgeting
  4. Training
  5. Cybersecurity Tools
  6. Incident Response
  7. Assurance and Testing
  8. Vendor Management

One area Tandem asked about was the makeup of the Information Security Officer (ISO) role within the institution. Of the individual responses, 9% said the ISO reports to a manager in IT, 38% said the ISO is also a manager in IT, 31% said both the ISO and the IT Manager report to the same senior management position, and 22% said the ISO is independent of IT.

How to access the report

Access The State of Cybersecurity in the Financial Institution Industry 2020 Survey Report by visiting https://tandem.app/2020-survey-report and downloading the report.