Insights from Bank Director’s 2025 Risk Survey

Surprisingly, the first-ever cyberattack was in 1834. The Blanc brothers, who traded government bonds in Bordeaux, bribed a Tours telegraph operator to help them access advanced information about financial market movements via government telegraph messages. The telegraph operator in Tours added an “extra” character to indicate the previous day’s market movement to outgoing telegraph messages headed for Bordeaux, followed by a “backspace” character. The backspace character indicated for the receiving telegraph transcriber in Bordeaux to ignore the previous character when decoding the message, leaving the transcribed message unaffected. However, the Blanc brothers posted a former telegraph operator in Bordeaux to spy on the city’s telegraph tower and send news of the encoded extra character to them days ahead of when physical mail would arrive to their competitors.The scheme continued for two years before the Blanc brothers were tried in court, but due to a lack of laws prohibiting misuse of the telegraph network, there was no charge to convict them on. Cybercrime has become much more sophisticated since the days of telegraphs, though. Therefore, it is not surprising that bank leaders rate it as one of their top risks, alongside cybersecurity and interest rates, in Bank Director’s 2025 Risk Survey.This year’s survey, which was conducted in January and published in March, is based on the responses of 269 executives from US banks with less than $100B in assets. We discuss some of the survey’s key findings and what they might mean for community financial institutions (CFIs).Cybersecurity and Fraud Top of MindCFIs are navigating an increasingly complex risk environment, exacerbated by the growing number — and sophistication — of cybercriminals and fraudsters. This is reflected in the survey results: 84% of bank leaders identify cybersecurity as one of the top risks facing their organization, with 69% also citing fraud concerns. The majority of institutions surveyed (94%) have been affected by check fraud in the last 18 months, while 61% have been affected by digital payments fraud. About 70% say they have experienced financial exploitation of elderly or vulnerable customers.Financial institutions are using various strategies to manage these risks proactively. Most respondents say they are providing ongoing staff education about the latest threats (86%), have improved training for their staff (82%), and are regularly communicating with their customers about relevant scams and threats (71%). The vast majority (83%) have also conducted a tabletop exercise of their cybersecurity incident response plan in the last year. It’s clear that cybersecurity and fraud mitigation will continue to be top strategic priorities for CFIs going forward. To successfully protect their institutions, leaders need to ensure that cybersecurity is integrated into their company culture. An Uncertain Economic Outlook Remains a ConcernAt the time of completing the survey, respondents highlighted interest rate risk (58%) and credit risk (51%) as two of their top five concerns. Despite banks’ concerns about credit risk and ongoing concerns about the commercial real estate (CRE) sector, it is interesting to note that 72% plan to grow their CRE loan portfolios in 2025, and 68% plan to grow their commercial and industrial loan portfolios. Recent shifts in trade policies and tariffs are likely to fuel further uncertainty regarding inflation, interest rates, credit risk, and the economic outlook. However, encouragingly, 81% of bank leaders say they have incorporated multiple interest rate scenarios into their 2025 forecasts. Moreover, almost three-quarters of the banks surveyed perform annual stress tests, with more than half using the results to adjust their liquidity plans. CFIs may want to consider how different stress testing approaches could help them build resilience as they navigate recent tariff developments and increased economic uncertainty. Regulatory Expectations and Compliance in Sharp FocusRegulatory risk is rated as a top concern by 55% of bank leaders, and 36% expect evolving regulatory or compliance requirements to be one of their most significant challenges over the next 18 months. Almost all the respondents (96%) say their organization underwent a regulatory exam in the past 18 months. According to the survey results, regulators appear to be focusing the most on institutions’ liquidity planning/strategy (62%), followed by interest rate sensitivity (33%), and Bank Secrecy Act (BSA)/anti-money laundering (AML) regulations (31%). It is crucial that CFIs stay abreast of evolving regulations and ensure they have robust AML and regulatory compliance frameworks and strategies in place to manage the key risks. These might include investing in technology to boost their BSA/AML function, providing improved training for frontline employees, and recruiting more BSA/AML compliance staff. It’s looking increasingly likely that 2025 will continue to present a complex risk landscape shaped by cybersecurity and fraud threats, economic uncertainty, and regulatory shifts. To remain resilient and competitive, CFIs must address these challenges proactively and strategically, to support sustained growth and maintain customer trust.