Webster Bank Corporate Responsibility Report: Cybersecurity
Originally published in Webster Bank's 2022 Corporate Responsibility Report
The security of our clients’ private information is one of Webster's key priorities.
We are committed to prevention, detection and timely response to incidents that may impact the confidentiality, integrity and availability of information assets and customer information. Our robust information security and technology risk programs are managed by the Chief Information Security Officer, with additional oversight by our Information Risk Committee, Enterprise Risk Management Committee and Risk Committee of the Board of Directors.
We have a broad and comprehensive approach to data security and privacy issues, including an extensive cybersecurity strategy, foundational pillars of privacy and robust efforts to fight global fraud. Because cyber threats continue to evolve, we prioritize the continued development and enhancement of our controls, processes and practices that are designed to protect our systems, computers, software, data and networks from attack, damage or unauthorized access, and facilitate the recovery of any compromised assets. Regular tabletop exercises are held at management and Board levels to validate roles, responsibilities and response protocols for potential security incidents. In addition, extensive penetration testing is performed to assess the effectiveness of our security controls. In the event of a data breach, we would follow guidance issued under the Gramm-Leach-Bliley Act, as well as local data breach notification laws.
Webster expects all colleagues and third parties to protect the security and confidentiality of client information. Information Security training is required at the time of hire and annually thereafter. Regular phishing simulation activities are conducted to assess colleagues’ competency at identifying potential threats. All third parties with access to customer data undergo rigorous due diligence prior to onboarding and ongoing monitoring to ensure they maintain required security controls. Our Security Operations team works 24/7 using a combination of industry-leading tools and innovative in-house technologies to help protect our stakeholders against cybercriminals and fraudsters. Our team members are responsible for complying with our cybersecurity standards and complete mandatory annual training to understand the behaviors and technical requirements necessary to keep information secure. We also offer ongoing practice and education for team members to recognize and report suspicious activity.
Colleagues are trained and tested, and assessments are conducted to ensure relevant suppliers have the appropriate controls implemented to protect clients’ information.
We use examination guidelines, frameworks and privacy laws to guide us in consistently meeting legal and regulatory requirements. Our strategy allows us to perform a high level of due diligence by investing in information security controls, which provide the best mechanism to deflect hackers. We recognize our responsibility to appropriately use, maintain and safeguard the personal data we collect from our stakeholders.
The Information Risk Committee (IRC), a subcommittee of the Enterprise Risk Management Committee (ERMC), is responsible for overseeing information technology and security risk. The IRC is responsible for approving information technology policies, which align with regulatory guidance and industry standards, as well as monitoring the effectiveness of the information security program. The Director of Information Risk serves as the chair of the IRC, and its members include key leaders from the Technology and Risk organizations, including the Chief Information Officer, Chief Risk Officer and Chief Information Security Officer.