An independent cybersecurity review across many of Florida’s largest banks reveals a wide range of results. These institutions hold customers’ deposits and financial data, yet many show meaningful gaps in basic email authentication.
Using data from audit.emailmenow.com, we evaluated each bank’s domain across email, website, and network security — including SPF, DKIM, DMARC, MTA-STS/TLS, and security headers.
Cybersecurity Scores of Major Florida Banks
Overall compliance scores from audit.emailmenow.com. Re-run any domain at the link to verify.
| Rank | Bank | Domain | Overall Score | Performance Level |
|---|---|---|---|---|
| 1 | Climate First Bank | climatefirstbank.com | 78% | Strong |
| 2 | City National Bank of Florida | citynational.com | 71% | Strong |
| 3 | Centennial Bank | my100bank.com | 70% | Strong |
| 3 | Cogent Bank | cogentbank.com | 70% | Strong |
| 5 | The Bank of Tampa | bankoftampa.com | 63% | Above Average |
| 5 | One Florida Bank | onefloridabank.com | 63% | Above Average |
| 7 | Banesco USA | banescousa.com | 62% | Above Average |
| 8 | Seacoast Bank | seacoastbank.com | 60% | Above Average |
| 8 | Ocean Bank | oceanbank.com | 60% | Above Average |
| 10 | SouthState Bank | southstatebank.com | 51% | Below Average |
| 11 | Sunstate Bank | sunstatebank.com | 48% | Below Average |
| 12 | Florida Capital Bank | flcb.com | 46% | Weak |
| 13 | EverBank | everbank.com | 44% | Weak |
| 14 | BankUnited | bankunited.com | 38% | Weakest |
| 15 | Amerant Bank | amerantbank.com | 34% | Weakest |
What the Results Reveal
- Scores range from 78% (Climate First Bank) down to 34% — Climate First leads, with City National of Florida (71%) and Centennial and Cogent (70%) rounding out the strong tier.
- Some of the largest Florida-based names sit lower: SouthState (51%), EverBank (44%), BankUnited (38%), and Amerant (34%) all land in the Below Average or Weakest bands.
- Without an enforced DMARC policy, criminals can spoof the bank’s own domain to phish customers or to send fraudulent “wire update” instructions to commercial clients.
Why This Matters for Banks
Banks are bound by the GLBA Safeguards Rule, FFIEC examination guidance, and FDIC/OCC/state oversight. Email authentication (SPF, DKIM, and an enforced DMARC policy) is the single highest-impact control against the business email compromise (BEC) and wire fraud that target bank customers and commercial accounts.
Check any bank’s posture at audit.emailmenow.com/?industry=financial-advisors.
See also — national audit
Recommendations
- Enforce DMARC (
p=reject), strict SPF (-all), and DKIM signing. - Add MTA-STS and website security headers.
- Adopt verified call-back procedures for any change to wiring instructions, and train customer-facing and commercial staff.
Stop fraud before it starts. Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=financial-advisors.
Contact EmailMeNow IT Consulting for help with GLBA-aligned email security hardening.
Source & methodology: Overall compliance scores from the free scan at audit.emailmenow.com — each domain checked for email authentication (SPF, DKIM, DMARC), transport security (MTA-STS/TLS), website security headers, and network security. Re-run any domain at the link to verify.