Data and Cyber Security Advocacy
Robust cybersecurity and data protection are critical to maintaining trust and compliance in community banking. Learn how advanced defenses and risk management strategies shield sensitive information from growing cyber threats.
Take Action Today
Help advocate for community banking by writing a letter to congress.
Join the ICBA Community
Explore the ICBA Community to see discussions on this and other issues.
Position & Background
Any new Federal or state legislation, regulation, or guidance related to data or cybersecurity should be non-proscriptive and non-duplicative.
ICBA suggests that regulators broaden their supervision to include all companies that have access to consumer financial data.
Regulators should not mandate the use of any one framework, tool, or assessment, but rather support community banks’ ability to use the framework, tool or assessment that best suits their institution’s size, complexity, and risk tolerance.
ICBA supports bi-directional sharing of threat intelligence between the financial sector and the government.
ICBA supports stronger cybersecurity standards and practices for government.
ICBA supports financial sector initiatives such as .BANK and Sheltered Harbor.
To better address increasingly sophisticated threats, state and federal legislation, regulation, and guidance should enable community banks to implement risk-based security programs. Lawmakers and regulators should harmonize future legislation or regulatory action with existing regulatory requirements.
Additionally, regulators should broaden their supervision to include all companies that have access to, use, or store consumer financial data. These companies should be subject to the standards outlined in the Gramm-Leach-Bliley Act (GLBA).
Community banks have various sizes, complexities, and risk tolerances. As such, regulators should allow community banks to choose the assessment tool that best fits their institution’s risk profile.
ICBA recognizes that the U.S. Government also has a responsibility to safeguard financial and personally identifiable information (PII) and to provide banks with visibility into the government’s business continuity, incident response, and other critical resiliency plans. Bi-directional threat information sharing initiatives, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), are critical to threat mitigation.
.BANK, Sheltered Harbor, and other financial sector efforts enhance protection for bank customer account data.
Letters & Testimonies
Joint Letter on Reauthorizing the Cybersecurity Information Sharing Act
ICBA Expert Contact
