Our Position

Data and Cyber Security


  • Any new Federal and state legislation, regulation, or guidance should be non-proscriptive and non-duplicative.
  • Regulators should not mandate the use of any one framework, tool, or assessment, but rather support community banks’ ability to use the framework, tool or assessment that best suits their institution’s size, complexity, and risk tolerance.
  • ICBA supports bi-directional sharing of threat intelligence between the financial sector and the government.
  • ICBA supports national data security standards with exemptions for community banks already covered under GLBA.
  • ICBA suggests that regulators broadening their supervision to include all companies that have access to consumer financial data.
  • ICBA supports stronger cyber security standards and practices for government.
  • ICBA supports financial sector initiatives such as .BANK and Sheltered Harbor.


Community banks are on the frontline defending the financial sector and bank customers against cyber threats. As a result of sophisticated and constantly evolving threat landscape the federal government and the financial sector are increasingly focused on cyber security.

To better address the increased threat and provide banks with the ability to implement risk-based security programs, state and Federal legislation, regulation, and guidance should be non-proscriptive and non-duplicative in approach and recognize existing or similar regulatory requirements. The patchwork of state data security laws and requirements increases burdens and costs, fosters confusion, and is detrimental to customers.

ICBA supports national data security standards that include appropriate exemptions for community banks that are already covered under GLBA. Regulators should broaden their supervision to include all third parties that have access to, use, or store consumer financial data. These companies should be regulated to Gramm-Leach-Bliley Act (GLBA) like standards.

ICBA supports bi-directional threat information sharing between the financial sector and the government, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit information-sharing forum established by financial sector. ICBA recognizes that the U.S. Government also has a responsibility to safeguard financial and personally identifiable information (PII) and to provide banks with visibility into the government’s business continuity, incident response, and other critical resiliency plans.

ICBA supports the work of .BANK, Sheltered Harbor, and other financial sector efforts to enhance protection for bank customer account data.

Staff Contact

Susan Sullivan

Senior Vice President, Congressional Relations

Washington, DC


Steven Estep

Assistant Vice President, Operational Risk

Washington, DC


Be Heard

Direct grassroots advocacy is essential to promoting federal policies that support community banking – and ultimately impact your role at the bank. Our Be Heard grassroots action center offers a variety of tools to help you amplify your voice with targeted outreach to federal policymakers. 

Learn More

Virtual Advocacy Toolkit

Just like everything else, lobbying is a skill. This toolkit makes it easy to learn the best way to communicate with and engage policymakers in this virtual environment.  No matter what role you have at the bank, YOU can support community banks and make an impact.

Get Started

You are Invited to Capital Summit

Every year, community bankers are invited to attend the complementary ICBA Capital Summit.

Learn More