From the Fifth Third Bancorp 2020 ESG Report: Consumer Privacy and Information Security

We keep our customer at the center because without our customers, we would not exist. Keeping the customer at the center of everything we do and delivering a world-class customer experience every time is a top priority and way of life at Fifth Third. When it comes to security and privacy, our customers expect us to protect their financial and information assets and need to know they can trust us to do just that.

As the cyber threat landscape continues to mature, it is our responsibility to stay ahead of the threats and continue to put in place the processes, procedures, tools and technologies needed to mitigate the risks associated with these threats.

Our Information Security team’s mission is to relentlessly execute to protect, enable and innovate across our enterprise, to enhance our brand and to raise the level of trust and confidence of our customers and partners. We strive to understand cyber threat adversaries and the risks they pose. Our adversaries are nimble and dynamic. To protect against them, our defenses must be the same.

TRANSFORMATION PATH TO STRATEGIC FOCUS

In January of 2020, we completed our Agile transformation by aligning the entire organization to our Agile design. This established the organizational structure upon which we focused on Program Foundations, Identity Foundations, Next Generation Detection and Response, and Zero-Trust/Cloud.

Despite the impacts of the COVID-19 pandemic, the team was still able to move forward on these areas of strategic focus by:

• Revamping the vulnerability management reporting capabilities and process to ensure teams were provided appropriate information to prioritize risk
• Managing the technology lifecycle of identity related products to better align with our strategic direction
• Moving to a threat intelligence-driven process that allows our detection and response teams to focus on the most advanced attackers
• Continuing to mature our security in cloud and zero-trust network access solutions

The hard work and continuous planning and preparation of the Business Continuity Team was highlighted in 2020, as they guided us through not only the pandemic and all its implications, but also a record hurricane season and civil unrest. The Bank also has a cybersecurity incident response plan that addresses cybersecurity events that impact data or operations of the Bank. The plan is aligned with our business continuity crisis management plan as well as our escalation procedures for sensitive information, which is overseen by the Bank’s Privacy Office.

PRIVACY AND DATA SECURITY

The Bank has established a strong foundation of governance, policies and procedures based on a tight alignment with regulatory requirements and standard frameworks such as National Institute of Standards and Technology and Control Objectives for Information Technologies. This foundation, combined with regular program assessments by outside organizations, keeps the Information Security team more alert to cyber risk, more deliberate in building dynamic defenses to protect our customers and the Bank, and more collaborative in exploring effective solutions with both internal and external partners.

Fifth Third also is committed to protecting our customers through our privacy policies. These policies describe the information we collect, the information customers provide when using our products and services, and information about when customers can choose to limit data sharing based on state, federal and international regulations. Details of our commitment to privacy and data security can be found on 53.com on our Privacy and Security page.

Continue reading this section of the Bank’s ESG Report at 53.com.