Cybersecurity hygiene and risk mitigation for bank ecosystems

This article was originally published on BankDirector.com.

Cybersecurity risks for executives and shareholders of closely held, family-owned and privately held banks are increasingly complex and pervasive, requiring a strategic approach to protection and risk mitigation. Ownership structures at such institutions often blend personal and professional spheres, making them attractive targets for cybercriminals seeking financial gain, sensitive data or leverage over influential individuals.

One of the primary risks is targeted cyberattacks—from phishing campaigns to ransomware attacks to social engineering scams—on bank executives and board members, who typically have access to sensitive financial information and decision-making power. Attackers may use personal information gleaned from online activity or open-source intelligence to craft convincing messages or exploit vulnerabilities in digital habits. 

But it’s not just leadership teams and board members that make attractive targets. For family-owned and privately held financial institutions, the cybersecurity posture of related shareholders is also critical, even if those shareholders aren’t involved in daily operations. If a shareholder’s personal devices or online accounts are compromised, attackers could gain indirect access to the bank’s systems or influence its governance.

The cybersecurity landscape

Even though reported breaches have declined in 2025, according to recent RSM research, it’s important that organizations not get too comfortable in the face of cybersecurity threats.

According to the findings of the RSM US Middle Market Business Index Special Report: Cybersecurity 2025 from the first quarter of the year, nearly 1 in 5 (18%) middle market companies experienced a data breach in the previous year. That’s down from a record-high 28% in 2024. The decline in reported breaches “is certainly positive,” the report noted, “but this year’s results are consistent with data from previous years outside of the spike in 2024. In addition, with methods becoming more sophisticated, some attacks may go undetected, highlighting the importance of continuously strengthening controls.”

Another important consideration noted in the report is that criminals are harnessing artificial intelligence to launch sophisticated attacks: “AI is making social engineering attacks feel more realistic by providing attackers with more details about an organization and enabling mimicry of company representatives and leadership with vishing (voice phishing) campaigns and deepfake-enabled impersonations,” the report said. “These attacks are focused squarely on the weakest link in security: people.”

Risk mitigation

Mitigating continuing cyber risks requires a comprehensive cybersecurity hygiene program tailored to the bank’s ecosystem. These programs should include:

• Online activity review. Evaluate online habits, behaviors and platforms used by executives that contribute to overall privacy risks.
• Deep and dark web analysis. Investigate deep and dark web sources for any evidence of compromised or exposed data or credentials.
• Open-source intelligence. Analyze publicly available data to determine the extent of personal and professional information exposure.
• Digital threat review. Examine digital lifestyle indicators and behaviors, highlighting potential threat vectors.

For situations where cybercriminals have already gained access to personal or professional data of bank leadership team members or shareholders, open-source intelligence assessments can help determine the extent of the exposure.

Prevention to thwart such incidents, however, should be a priority for financial institutions. Education and awareness campaigns play a crucial role in fostering behavioral change. Executives, shareholders and their families should be trained to recognize common cyberthreats, practice strong cybersecurity hygiene and understand the importance of multifactor authentication. Sharing actionable steps—such as securing home networks, avoiding public Wi-Fi for sensitive tasks and regularly updating software—empowers individuals to take ownership of their cybersecurity.

RSM’s cybersecurity report also zeroed in on the importance of developing a comprehensive digital identity approach. A centralized identity and access management system with support for multifactor authentication is the top method middle market companies use for this.

“With internal users, applications, customers and services providers needing varying levels of access to systems while hackers are constantly attempting to break in, middle market companies need to understand, clearly define and control how much access, if any, employees and vendors need to perform specific tasks,” the report said.

Alongside clear identity and access management protocols, banks should also implement ongoing digital threat reviews, continually assessing digital lifestyles for emerging vulnerabilities and updating risk mitigation strategies as needed. Cyber hygiene assessments for all key individuals can help maintain a strong security posture across the organization.

Collaboration with cybersecurity firms can provide additional layers of protection, such as executive exposure assessments and incident response planning. By integrating findings from these assessments into broader security protocols, the bank can proactively reduce its risk and build resilience against evolving threats.