In a recent episode of the U.S. National Privacy and Cybersecurity Podcast, AABD President David Baris sat down with hosts Jerry Buckley and Jody Westby to explore the roles and responsibilities of bank directors in addressing cyber risk and the protection of private customer data. Listen to the episode below.

Bank boards must meet their fiduciary duties under their state corporate law but also not participate in what the banking agencies determine as “unsafe or unsound banking practices,” a term not defined by statute.

Applying these standards in practice is not easy, particularly when it comes to cyber risk and protection of private customer data. When a data breach occurs, the alarms go off and banking agencies will likely be there to reconstruct what happened and whether the board shares the blame for what happened.