FDIC and OCC Issue Statement on Heightened Cyber Security Risk

These principles elaborate on standards articulated in the Interagency Guidelines Establishing Information Security Standards as well as resources provided by FFIEC, such as the Statement on Destructive Malware. While preventive controls are important, financial institution management should be prepared for a worst-case scenario and maintain sufficient business continuity planning processes for the rapid recovery, resumption, and maintenance of the operations of an institution. The following are the key highlights of the statement:

• The Department of Homeland Security has indicated there is heightened risk of cyber-attack against U.S. targets because of increased geopolitical tension.
• The current environment provides an opportunity for banks to re-evaluate the adequacy of safeguards to protect against various types of cyber-security risk.
• The attached Heightened Cybersecurity Risk document highlights principles previously articulated by FDIC and other banking regulators including: business resilience, authentication, system configuration, security tool, data protection, and employee training.
• When banks apply cyber-security risk management principles and risk mitigation techniques, they reduce the risk of the success of a cyber attack and minimize the negative impacts of a disruptive and destructive cyber attack.

Related Links

• Notification
• Joint Statement
• Guidelines Establishing Information Security Programs
• FFIEC Cyber-Security Awareness Resources

Keywords: Americas, US, Banking, Cyber Risk, Cyber Attack, Business Continuity, Cyber Security, OCC, FDIC