On December 15, 2025, the Conference of State Bank Supervisors (CSBS) released Cyber Hygiene Fundamentals for Financial Institutions, a timely and practical guide designed to help financial institutions strengthen their defenses against today’s cyber threats.
At a time when ransomware, third-party risk, social engineering, and geopolitical threats continue to escalate and as artificial intelligence introduces both efficiencies and new attack vectors, CSBS’s message is clear: strong cyber hygiene remains one of the most effective defenses available to financial institutions.
As former CISA Director Jen Easterly has noted, “Basic cyber hygiene prevents 98% of cyberattacks.” The CSBS Guide reinforces this reality by focusing not on novel or experimental controls, but on the consistent execution of foundational practices that many institutions already have in place; yet may not be managing as rigorously as today’s threat environment demands.
One of the most valuable aspects of the CSBS Guide is its dual focus on technical fundamentals and governance engagement. In addition to outlining ten core cyber hygiene practices, the Guide includes thoughtfully crafted questions intended to drive meaningful dialogue between Management and the Board.
This approach recognizes an important truth: cybersecurity is no longer a back-office IT issue. It is an enterprise risk management concern that requires active oversight, informed decision-making, and continuous communication at all levels.
The Guide is intentionally appropriate for financial institutions, reinforcing that strong cyber hygiene principles apply regardless of size, complexity, or charter.
To review the full Guide, please visit: https://www.csbs.org/sites/default/files/other-files/Cyber%20Hygiene%20Fundamentals%20Guide%2012-2025_0.pdf