FFIEC members are taking a number of steps to raise awareness of cybersecurity risks at financial institutions and the need to identify, assess, and mitigate [cybersecurity] risks in light of the increasing volume and sophistication of cyber threats that pose risks to all industries in our society. The FFIEC Web page provides links to joint statements, webinars, and other information that may help financial institutions when thinking about the issue of cybersecurity.
FFIEC members and some state regulators are also conducting a pilot program at more than 500 community institutions, “which will be completed during regularly scheduled examinations.” Information from the pilot effort “will assist regulators in assessing how community financial institutions manage cybersecurity and their preparedness to mitigate increasing cyber risks.”
Regulators “are particularly focusing on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, service provider and vendor risk management, and cyber incident management and resilience. Another aim of the pilot is to help regulators make risk-informed decisions to enhance the effectiveness of supervisory programs, guidance, and examiner training.”