“Mayra Rodriguez Valladares, principal consultant at MRV Associates, says that regulators can affect the cybersecurity protocols of banks in several ways. “Regulators can send in specialized IT and data teams to do specialty exams of banks to see how they are strengthening their controls against cyber-attacks.

“They can also ask banks to increase their capital requirements for operational risk. This would make banks think twice about the attention and resources that they should allocate to cybersecurity threats. They can also fine banks as part of an enforcement action which would also make bank executives focus on how to improve operational risk management. If banks repeatedly have cybersecurity challenges, bank regulators can also close business lines which are more at risk of hacking and other types of cyber-attacks.”