Case Study: Revamping Cybersecurity – U.S. Regional Bank Enhances Cyber Defense Strategy

Executive Summary

A mid-western regional bank recognized that its cybersecurity initiatives were inconsistent with industry standards and sought third-party expertise to improve its cyber defense strategy. Withum’s Cyber and Information Security Services Team partnered with the bank to revamp its cybersecurity program.

Using a multiphase approach, Withum conducted an end-to-end assessment of their program and control environment, resulting in comprehensive enhancements and recommendations which were provided to the client to mitigate future cyber threats.

The Client

A mid-western U.S. regional bank managing diversified financial operations sought out an evaluation of its current cybersecurity program. Providing highly regulated services such as private, commercial and retail banking, it was of the utmost importance to be cyber secure and compliant. Leadership searched for a Firm to conduct a cybersecurity audit and provide ongoing support.

The Challenge

The bank recognized that its cybersecurity initiatives were inconsistent with industry standards, and leadership did not know how other peer organizations handled their cybersecurity efforts in order to match that. The management committee and board of directors needed third-party expertise, including strategic insights and educational support.

The Approach and Solution

Withum’s Cyber and Information Security Services Team engaged with the regional bank and analyzed its current cybersecurity program. Numerous exercises were conducted, including a tabletop incident response case with the bank’s management committee. This exercise incorporated multiple real-world scenarios and involved operational team members responsible for responding to cyber incidents, such as ransomware and phishing.

A privacy program maturity assessment, a peer institution comparison and program enhancement recommendations were provided to address the client’s needs further. Monthly meetings with the bank’s Chief Information Security Officer (CISO) and key stakeholders and quarterly briefings with management and the board of directors were executed to further strengthen and evaluate the revamped approach to cybersecurity.

The Results, ROI

The revamped cybersecurity program shifted to a proactive risk-based approach. The overall maturity of the program increased significantly within 6-12 months. The management committee and the board of directors had more significant insights into the industry’s real risks. Regulators also had an improved line of sight into the bank’s cybersecurity posture. They were better prepared to make risk-based decisions based on reports and prioritized security program spending.

The enhanced cybersecurity program helped the bank mitigate future cyber threats and prioritize security program spending effectively.

Contact Us