Enhancing Your ERM Program and Information Security: Key Insights from Q1 2025 Risk Webinar

Strategies for a Robust Enterprise Risk Management

In January 2025, the Q1 Risk Webinar titled “Enhancing Your ERM Program and Information Security” provided valuable insights into strengthening enterprise risk management (ERM) and information security programs. Hosted by David Paxton, a certified Community Bank Risk Specialist and Senior Vice President of Risk Management Solutions at Bankers’ Bank, the ERM webinar featured expert discussions on creating risk indicators and cybersecurity best practices.

Introduction to ERM and Information Security

David kicked off the webinar by emphasizing the importance of a strong ERM program and robust information security measures. He highlighted Bankers’ Bank’s commitment to providing innovative solutions that help community banks thrive and focus on their customers’ needs. The webinar was organized into two main segments: creating risk indicators and addressing cybersecurity vulnerabilities.

Creating Risk Indicators

David explained that risk indicators are the bedrock of risk reporting. They allow institutions to measure and monitor risks effectively. He introduced the concepts of Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), which are essential for tracking risk exposure and performance. He stressed the importance of having both KRIs and KPIs to monitor specific risk categories and measure the success of the bank’s strategies.

Examples of KRIs and KPIs

David provided examples of KRIs, such as large depositor concentrations, classified loan concentrations, and cybersecurity incidents. These indicators help banks understand and manage risks related to liquidity, credit, and reputational damage. On the other hand, KPIs, such as net interest margin, loan and deposit ratios, and core deposit growth, measure the bank’s financial performance and strategic execution.

Sources of Risk Indicators

David recommended several sources for identifying risk indicators, including risk assessments, strategic plans, call reports, management and board meetings, and audit and examination findings. He emphasized the importance of consulting risk owners, such as Chief Credit Officers and Chief Compliance Officers, to gain insights into specific risk areas.

Best Practices in Cybersecurity

The second segment of the webinar focused on cybersecurity. It featured presentations by Kyle Howard, Senior Vice President of Technology Analytics and Chief Information Officer at Bankers’ Bank, and Rob Zietlow, Vice President of Technology and Analytics. They discussed the critical importance of tracking cybersecurity metrics and ensuring active management of cyber risks.

System Vulnerability Tracking

Rob highlighted the significance of system vulnerability tracking, citing a 180% increase in system vulnerability exploitation from 2022 to 2023. He explained the importance of patching and securing systems to prevent exploitation by malicious actors. Rob also mentioned various tools and external services, such as CISA’s vulnerability scanning program, that can help institutions identify and address vulnerabilities.

Employee Training and Testing

Rob emphasized that employees are both the greatest asset and the weakest link in cybersecurity. He discussed the importance of regular training and phishing tests to ensure employees can identify and report suspicious activities. He recommended using industry-standard training platforms, such as Infosec, Proofpoint, and Barracuda, to enhance employees’ cybersecurity awareness.

External Feedback and Incident Tracking

Kyle discussed the value of incorporating external feedback from auditors, third-party assessments, and cybersecurity tools into the ERM program. He shared tools such as CRI The Service and RSAT V2. He also emphasized the importance of incident tracking, which can generate visibility and promote active management of cyber risks. Kyle recommended participating in tabletop exercises and maintaining up-to-date business continuity plans and ransomware playbooks.

Cybersecurity Architecture

Rob Zietlow presented the cybersecurity architecture diagram. This diagram outlines baseline recommendations for cybersecurity at any institution and provides strategies for enhancing a bank’s cybersecurity program. Attendees received the diagram for reference.

Conclusion

The Q1 2025 Risk Webinar provided invaluable insights into enhancing ERM programs and strengthening information security measures. By implementing the strategies discussed, institutions can build a robust risk management framework, protect against cyber threats, and ensure long-term success.

As David concluded, “A strong ERM program and effective information security measures are essential for any institution aiming to thrive in today’s complex and dynamic environment.”

Join us for future webinars, and together, let’s build a safer financial ecosystem.