FFIEC Notes Inherent Risk, Preparedness as Cybersecurity Factors for Financial Institutions

cybersecurityThe Federal Financial Institutions Examination Council says that financial institutions should focus their cybersecurity measures on managing inherent risk factors and engage executive leadership in evaluating an institution’s preparedness.

FFIEC said in a report published Monday that it conducted a cybersecurity assessment of 500 financial institutions earlier this year and found that inherent risk varies based on operational factors such as connection type, technologies, and product and service offerings.

Institutions should consider these factors and determine if their existing connections, offerings and technologies add to the inherent risk and if they can manage these factors amid the changing threat landscape, the council said.

It also added that risk management and oversight, collaboration on threat intelligence, cybersecurity controls, limited external dependence, and incident management and resilience are important practices to adopt to bolster preparedness.

FFIEC noted that the board of directors and senior management should be involved in discussing an institution’s capabilities and vulnerabilities and deciding on areas that need further work.

Check Also


NNSA Intends to Assess Lawrence Livermore National Laboratory for Continued Operations

The National Nuclear Security Administration (NNSA) within the Department of Energy (DoE) has given its approval of an effort to evaluate Lawrence Livermore National Laboratory's potential for continued operations. The LLNL Site-wide Environmental Impact Statement for Continued Operation will assess the environmental impacts of options on whether to maintain the laboratory's operations without significant changes.

Leave a Reply

Your email address will not be published. Required fields are marked *