Landing cybersecurity expertise on the board
By Maria Korolov
Many community banks understand that having technology expertise on their boards is a competitive advantage, not just to help with managing their technology but also to bolster their cybersecurity.
“There’s a lot of technology that drives the banking business, and it’s important for them to understand how technology is an enabler of that,” says Viviana Campanaro, director of security and compliance at the technology services firm All Covered, a division of Konica Minolta Business Solutions USA Inc.
A bank board’s technology expert would be there to ask the right strategic, tactical and operational questions, and even potentially to engage and question the judgment of auditors and examiners during the IT examination process, Campanaro says.
A cybersecurity expert on the board would help address cybersecurity issues right from the start of any major new project, says Peter Dugas, with the technology services firm FIS in Jacksonville, Fla. In addition, the board’s point person on cybersecurity would help keep an eye on the broader picture, he says. “They must understand what the broader threats are, across their industry and across multiple sectors.”
Campanaro says community banks could look to technology companies to find cybersecurity experts. Potential conflicts of interest should be considered, however. An employee of a current service provider, or a competitor of a current vendor, should probably not serve as a director. People with technology expertise who serve as directors for other banks might be board talent to recruit, offers Ernest Badway, co-chair of the securities industry practice at Philadelphia-based Fox Rothschild LLP.
A former SEC enforcement attorney who represents banks to regulators, Badway says a bank board’s point person on cybersecurity doesn’t necessarily have to start with extensive cybersecurity expertise. Any director with appropriate motivation and training can step up and into the role, he says.
Banks can train their own cybersecurity experts, Dugas agrees. Demonstrating ongoing training for all board members on cybersecurity issues will help attract and keep board talent, he says.
Maria Korolov is a freelance technology writer in Massachusetts.