This story is part of our April 2025 issue. To subscribe, click here.

I worry about cybersecurity, and it should worry you as well.
As the CEO of River City Bank, I know it’s not a question of whether we will be targeted by hackers, but when, how often and in what form.

Cybercriminals are attacking all our businesses daily at an increasing rate. As the bad guys get more sophisticated, all businesses, both large and small, are vulnerable. Cybercriminals view large business as a big pot of gold for them to steal and small or medium-sized business as an easy target. McKinsey & Company estimates that cyberattacks will reach $10.5 trillion by the end of this year, a whopping 300 percent increase from 2015. 

All it takes to find yourself in a big mess is for one person at your organization to click on the wrong link or attachment in an email. Sophisticated scammers recently lured five Sacramento County employees into handing over their official log-in information, a breach that exposed more than 2,000 sensitive health records. This was just one incident of phishing attacks as the tactic reached record levels with more than 4.7 million attacks being recorded in a single year.

At the end of the day, the buck starts and stops with the CEO. We’re the final risk manager, and regardless of whether we run a bank, construction company, law firm, farm, nonprofit charitable organization or public agency, this is one of the biggest risks we’re facing. Ignoring cyber risk is a critical error that will likely result in a painful and expensive outcome.

At River City Bank’s annual Business Outlook event in February, our keynote speaker was Andy Greenberg, an award-winning journalist from Wired magazine who writes about hacking, cybersecurity and surveillance. I felt it was important for Andy to talk to our clients and illustrate real-world examples of how sophisticated cyberattacks have evolved and how devastating they are to some of the largest companies in the world, including some in the Sacramento region. 

I also asked Eric Johnson, an RCB Board Member and founder of Foresight IT based here in Sacramento, to offer practical steps for protecting your business. His recommendations included some crucial steps that all businesses should consider implementing, such as protecting critical systems with network segmentation, implementing a managed endpoint detection and response system for additional monitoring with an extra layer of security, and ensuring your network backups are isolated and off the network.

Let’s also not forget about the benefits of cyber liability insurance coverage. The cost of this insurance is rising due to the success of the cybercriminals. But you must ask yourself if you can afford a massive loss from a cyberattack.

We do our best to manage and control the risks in our businesses. Still, cybercriminals know they can penetrate our information security defenses through our vendors, our customers and our employees when they let down their guard. A cyberattack can cost us time and money, but it can also lead to lost customers, a damaged reputation and even regulatory scrutiny. 

No wonder this issue keeps me up at night — it represents a risk for the business that I run, but also a risk for all our clients. At River City Bank, we instill a business culture that teaches our staff to be hypervigilant about cybersecurity, while recognizing that mistakes can, and will, happen. Many breaches can be traced to our people or contractors, intentionally or through error. 

If your business is not conducting regular cyber training for your staff, you’re putting your company in danger. Educated workers are less likely to click on a suspicious link or use a password that is easy to hack and thus mistakenly put your company’s sensitive data in someone else’s hands. 

No matter the size, every business needs to understand cybersecurity best practices and use them to minimize losses if an attack happens. 

Steve Fleming has been the president and chief executive officer of River City Bank since September 2008 and has over 40 years of banking experience. Before joining River City Bank, he was the founder and CEO of Presidio Bank in San Francisco. Steve also worked for over 20 years at Bank of America in a variety of progressively more senior roles, including as head of credit administration for its Europe, Middle East and Africa division. He is a member of Comstock’s editorial advisory board. 

Stay up to date on business in the Capital Region: Subscribe to the Comstock’s newsletter today.