With increased oversight, regulatory scrutiny and risk related to cybersecurity, now is the time for those in the banking industry to be proactive in managing cybersecurity risk. Waiting until a breach occurs to formulate or review your game plan may be “too little, too late”. An assessment of your current cybersecurity preparedness may be the best place to start.

Assessment

- The Federal Financial Institutions Examination Council (FFIEC) recently released a Cybersecurity Assessment Tool to help institutions identify their risks and assess their cybersecurity preparedness. Financial institutions may use the Assessment Tool to perform a self-assessment and inform their risk management strategies. The Assessment Tool contains two basic parts: Inherent Risk Profile and Cybersecurity Maturity. The Inherent Risk Profile assesses existing cybersecurity risks. The assessment includes review of five categories: (1) technologies and connections, (2) delivery channels, (3) online/mobile products and technology services, (4) organizational characteristics, and (5) external threats. It looks at the type, volume, and complexity of each category. The Cybersecurity Maturity evaluation determines the maturity level in five different domains: (1) Cyber Risk Management and Oversight, (2) Threat Intelligence and Collaboration, (3) Cybersecurity Controls, (4) External Dependency Management, and (5) Cyber Incident Management and Resilience. It seeks to determine the extent to which an institution has controls in place for a particular risk and how mature those controls are.