Our Position

Cyber Incidents and Breaches


  • ICBA supports national cyber incident reporting standards.
  • ICBA supports national data breach legislation to fix the patchwork of state data breach laws.
  • ICBA supports third-party incident and breach notifications to banks.
  • ICBA supports assigning the cost of an incident or data breach to the party that incurs the breach.
  • ICBA supports U.S. Government reporting incidents to banks.


Safeguarding customer information is critical to maintaining the public’s trust in the banking system. Data breaches in the private and public sectors jeopardize consumer financial data and increase the chances of financial fraud of all types.

Community banks currently face a myriad of incident reporting laws at the state and federal level. The federal government should focus efforts on harmonizing incident reporting requirements to enable community banks to focus more on response and recovery, and less on compliance and paperwork.

Similarly, ICBA supports a federal data breach law that preempts the current patchwork of state laws. These laws create requirements that are overly, broad, conflict with one another, increase costs and foster confusion.

Following a breach in the private or public sectors, community banks must receive timely notification concerning the nature and scope of any breach that may have compromised customer data. The costs of data breaches should be borne by the party that incurs the breach.

Barring a shift in liability to the breached entity, community banks should have continued access to various cost-recovery options, including account recovery programs and litigation. Too often, the breached entity evades accountability while financial institutions are left to mitigate damages to their customers.

Lastly, the government, including regulatory agencies, continues to experience cyber incidents and data breaches resulting in the loss of consumer data. Governmental departments and agencies have a responsibility to report incidents, and liability for the breach of governmental systems should not be unfairly born by community banks.

Staff Contact

Lance Noggle

SVP Operations, Senior Regulatory Counsel



Sam Mayper

VP, Congressional Relations