This article explains the heightened expectations regulators and examiners are beginning to have for financial institution’s leaders when it comes to cybersecurity. Regulators are sending messages loud and clear that executives can no longer afford to take a hands-off approach – they need to stay up to date on their banks’ critical security issues, as well as the steps that are being taken to mitigate the related risks. The article identifies four types of information the chief information security officer must provide executives to keep them apprised.