Cybersecurity Assessment Observations Released

On November 3, the Federal Financial Institutions Examination Counsel (FFIEC) released its cybersecurity assessmentDuring the summer of 2014, FFIEC piloted a cybersecurity assessment at more than 500 community institutions to evaluate the institutions’ preparedness to mitigate cybersecurity risks. The assessment supplemented regularly scheduled exams and built upon key supervisory expectations contained within existing FFIEC information technology handbooks and other regulatory guidance.

The Cybersecurity Assessment found that the level of cybersecurity inherent risk varies
significantly across financial institutions.Today’s financial institutions are critically dependent on IT to conduct business operations. This dependence, coupled with increasing sector interconnectedness and rapidly evolving cyber threats, reinforces the need for engagement by the board of directors and senior management, including understanding the institution’s cybersecurity inherent risk; routinely discussing
cybersecurity issues in meetings; monitoring and maintaining sufficient awareness of threats and vulnerabilities; establishing and maintaining a dynamic control environment; managing connections to third parties; and developing and testing business continuity and disaster recovery plans that incorporate cyber incident scenarios. As a result, the FFIEC also recommended that financial institutions of all sizes participate in the FS-ISAC as part of their process to identify, respond to, and mitigate cybersecurity threats and vulnerabilities. The FS-ISAC is a non-profit, information-sharing forum established by financial services industry participants to facilitate the public and private sectors’ sharing of physical and cybersecurity threat and vulnerability information.

Contact Us

Have any questions? Send our team an email and we'll get back to you as soon as posible. *Warning: Do not send or include any information in any email generated through this web site if you consider the information confidential or privileged. By submitting information by email or other communication in response to this web site, you agree that the communication does not create a lawyer-client relationship between you and the law firm and its lawyers and that any information submitted is not confidential and is not privileged. You further acknowledge that, unless the law firm subsequently enters into a lawyer-client relationship with you, any information you provide will not be treated as confidential and any such information may be used adversely to you and for the benefit of current or future clients of the law firm.

Start typing and press Enter to search