FFIEC Launches Cyber Security Web Page and Commences Cyber Security Assessment
June 24, 2014 – The Federal Financial Institutions Examination Council (FFIEC), on June 24, launched a webpage on cyber security (www.ffiec.gov/cybersecurity.htm).The site is a central repository for current and future FFIEC-related materials on cyber security.
Information security has been a core focus of supervision for decades, but a number of steps are being taken by FFIEC members to raise awareness of cyber security risks at financial institutions and the need to identify, assess, and mitigate these risks in light of the increasing volume and sophistication of cyber threats that pose risks to all industries in our society. The FFIEC webpage provides links to joint statements, webinars, and other information that may help financial institutions when thinking about the issue of cyber security.
The launch of this webpage coincides with a pilot program at more than 500 community institutions, to be conducted by state and federal regulators, which will be completed during regularly scheduled examinations. Information from the pilot effort will assist regulators in assessing how community financial institutions manage cyber security and their preparedness to mitigate increasing cyber risks. Regulators are particularly focusing on risk management and oversight, threat intelligence and collaboration, cyber security controls, service provider and vendor risk management, and cyber incident management and resilience. Another aim of the pilot is to help regulators make risk-informed decisions to enhance the effectiveness of supervisory programs, guidance, and examiner training.
FFIEC members will continue to assess the risks of cyber attacks to financial institutions and use the information gathered through a number of sources to determine the appropriate next steps and identify potential gaps in financial supervision.