Intelligence in Financial Services

On June 20, 2025, Governor Greg Abbott signed the Texas Cybersecurity Safe Harbor Law (SB 2610). This law takes effect on September 1, 2025, and brings major changes for small and mid-sized Texas businesses that handle sensitive personal information.If your organization has fewer than 250 employees, this law could protect you from punitive damages after a data breach—but only if you maintain a documented, compliant cybersecurity program.

Discover how ESSA Bank & Trust strengthened its cybersecurity posture with Echelon Risk + Cyber. This case study shows how the bank improved security, achieved compliance, and prepared for acquisition by revamping its security program, enhancing visibility, and practicing breach readiness. Download now to learn how they did it.

Learn the essentials of PCI DSS compliance, including penetration testing, quarterly vulnerability scanning, and the role of QSAs and SAQs. Stay ahead of cyber threats and ensure secure payment transactions. Contact Echelon Risk + Cyber to streamline your compliance strategy. 

We’re excited to share the 5 most-read articles of the year. These articles stand out for their relevance, depth, and impact on the ongoing cybersecurity dialogue. Whether you’re a seasoned pro or just starting to dive into the world of cybersecurity, these pieces offer valuable perspectives on the challenges and solutions facing today’s digital landscape.

Discover expert strategies from Echelon to enhance your organization's cybersecurity during Cybersecurity Awareness Month. Learn about training enhancements, cyber exercise benefits, internal testing, and building a culture of awareness to strengthen cyber defenses. 

Explore the significant changes and updates introduced by the NYDFS Second Amendment to 23NYCRR500, impacting cybersecurity regulations for financial institutions. Erin Conway provides insights on critical amendments, timelines, and actions for compliance.

The highly anticipated ISO 27001:2022 updates modernize the standard to keep up with the evolving cyber landscape. Here's everything you need to know about the changes and how you can get (and stay) compliant.

Upon returning home from Scottsdale, AZ for the PA Bankers Convention of 2022, I had some time to reflect on my three key takeaways from my time spent amongst leaders in the great banking industry of Pennsylvania.

In January 2021, the Federal Reserve Banks implemented the Security and Resiliency Assurance Program outlining new compliance requirements for banks that use FedLine® by the end of 2022. This article outlines everything you need to know about this new program.

Lawmakers have argued about mandatory cyber incident reporting for years, but it has never gained the traction needed to become widespread law. For those in the banking industry, this is all about to change.

In this video discussion with Matt Tolbert, Senior Cybersecurity Examiner for the Federal Reserve Bank of Cleveland, Matt and Dan discuss risks of remote workforces, planning for disruptions, mitigating 3rd party risks, going to the cloud, supply chain threats, and resilience in the future.

Our CEO and Founder Dan Desko was recently interviewed for Mission Matters Innovation with Adam Torres. The interview focuses on our core belief that security and privacy are basic human rights. We're built to live that mission every day.

Considering a move to the cloud? There's a lot to think about, especially for financial institutions. This article lays out those obstacles and some considerations for overcoming them.

Another year, another penetration test? Attackers are evolving, and so should you. Here are four ways to spice up your pen testing routine to be better prepared and reduce your attack surface.

Over the past year and a half, the worldwide workforce underwent a drastic and rapid paradigm shift that has brought with it new opportunities, attack vectors, and methods to test security. When testing security with penetration testing, partner with a firm using the most modern, advanced tactics to test your readiness for tomorrow’s attackers.