Our Position

Cyber Incidents and Breaches


  • ICBA supports national incident reporting standards.
  • ICBA supports third-party incident and breach notifications to banks.
  • ICBA supports assigning the cost of an incident or data breach to the party that incurs the breach.
  • ICBA supports US Government reporting incidents to banks.


Community banks are on the frontline defending the financial sector and bank customers against cyber threats. Safeguarding customer information is critical to maintaining the public’s trust. Data breaches in the private and public sectors continue to jeopardize consumer financial data and increase the chances of identity theft, the use of synthetic IDs, and financial fraud of all types.

To better address the increased threat and provide banks better access to actionable threat intelligence and clearer requirements, new Federal incident notification laws should supersede state laws. Often the patchwork of state laws creates requirements that are overly broad, often conflict with one another, increase burdens and costs, foster confusion, and are detrimental to customers because of the difficulty to implement.

It is important that community banks receive timely notification from the public and private sectors, concerning the nature and scope of any breach that may have compromised consumer information so that they may take steps to mitigate any damage.

The costs of data breaches should be borne by the party that incurs the breach. Barring a shift in liability to the breached entity, community banks should have continued access to various cost-recovery options, including account recovery programs and litigation. Too often, the breached entity evades accountability while financial institutions are left to mitigate damages to their customers.

Lastly, the government, including regulatory agencies, continue to be the subject of cyber incidents and data breaches resulting in the loss of consumer data. Like banks, governmental departments and agencies have a responsibility to report incidents. Liability for the breach of governmental systems should not be unfairly born by community banks.

Staff Contact

Susan Sullivan

Senior Vice President, Congressional Relations

Washington, DC


Steven Estep

Assistant Vice President, Operational Risk

Washington, DC


Be Heard

Direct grassroots advocacy is essential to promoting federal policies that support community banking – and ultimately impact your role at the bank. Our Be Heard grassroots action center offers a variety of tools to help you amplify your voice with targeted outreach to federal policymakers. 

Learn More

Virtual Advocacy Toolkit

Just like everything else, lobbying is a skill. This toolkit makes it easy to learn the best way to communicate with and engage policymakers in this virtual environment.  No matter what role you have at the bank, YOU can support community banks and make an impact.

Get Started

You are Invited to Capital Summit

Every year, community bankers are invited to attend the complementary ICBA Capital Summit.

Learn More