Webster Bank Corporate Responsibility Report: Cybersecurity

Published 10-11-23

Submitted by Webster Bank

Originally published in Webster Bank's 2022 Corporate Responsibility Report

The security of our clients’ private information is one of Webster's key priorities.

We are committed to prevention, detection and timely response to incidents that may impact the confidentiality, integrity and availability of information assets and customer information. Our robust information security and technology risk programs are managed by the Chief Information Security Officer, with additional oversight by our Information Risk Committee, Enterprise Risk Management Committee and Risk Committee of the Board of Directors.

We have a broad and comprehensive approach to data security and privacy issues, including an extensive cybersecurity strategy, foundational pillars of privacy and robust efforts to fight global fraud. Because cyber threats continue to evolve, we prioritize the continued development and enhancement of our controls, processes and practices that are designed to protect our systems, computers, software, data and networks from attack, damage or unauthorized access, and facilitate the recovery of any compromised assets. Regular tabletop exercises are held at management and Board levels to validate roles, responsibilities and response protocols for potential security incidents. In addition, extensive penetration testing is performed to assess the effectiveness of our security controls. In the event of a data breach, we would follow guidance issued under the Gramm-Leach-Bliley Act, as well as local data breach notification laws.

Webster expects all colleagues and third parties to protect the security and confidentiality of client information. Information Security training is required at the time of hire and annually thereafter. Regular phishing simulation activities are conducted to assess colleagues’ competency at identifying potential threats. All third parties with access to customer data undergo rigorous due diligence prior to onboarding and ongoing monitoring to ensure they maintain required security controls. Our Security Operations team works 24/7 using a combination of industry-leading tools and innovative in-house technologies to help protect our stakeholders against cybercriminals and fraudsters. Our team members are responsible for complying with our cybersecurity standards and complete mandatory annual training to understand the behaviors and technical requirements necessary to keep information secure. We also offer ongoing practice and education for team members to recognize and report suspicious activity.

Colleagues are trained and tested, and assessments are conducted to ensure relevant suppliers have the appropriate controls implemented to protect clients’ information.

We use examination guidelines, frameworks and privacy laws to guide us in consistently meeting legal and regulatory requirements. Our strategy allows us to perform a high level of due diligence by investing in information security controls, which provide the best mechanism to deflect hackers. We recognize our responsibility to appropriately use, maintain and safeguard the personal data we collect from our stakeholders.

The Information Risk Committee (IRC), a subcommittee of the Enterprise Risk Management Committee (ERMC), is responsible for overseeing information technology and security risk. The IRC is responsible for approving information technology policies, which align with regulatory guidance and industry standards, as well as monitoring the effectiveness of the information security program. The Director of Information Risk serves as the chair of the IRC, and its members include key leaders from the Technology and Risk organizations, including the Chief Information Officer, Chief Risk Officer and Chief Information Security Officer.

To learn more about Webster Bank’s commitment to corporate responsibility, visit our CR webpage.

For full details about Webster Bank's 2022 Corporate Responsibility Report, visit here.

About Webster
Webster Bank (“Webster”) is a leading commercial bank in the Northeast that provides a wide range of digital and traditional financial solutions across three differentiated lines of business: Commercial Banking, Consumer Banking and Healthcare Financial Services, one of the country's largest providers of employee benefits and administration of medical insurance claim settlements solutions. Headquartered in Stamford, CT, Webster is a values-driven organization with $76 billion in assets. Its core footprint spans the northeastern U.S. from New York to Massachusetts, with certain businesses operating in extended geographies. Webster Bank is a member of the FDIC and an equal housing lender. For more information about Webster, including past press releases and the latest annual report, visit the Webster website at