The Federal Financial Institutions Examination Council recently published its Cybersecurity Assessment Tool (Assessment) to help financial institutions identify cybersecurity risks and determine the institution’s preparedness through a repeatable and measurable process over time.
We share it with our data privacy audience because its value is not limited to financial institutions. It is a thoughtful, structured process that many companies could use to evaluate and improve their cybersecurity preparedness if they are not subject to other specific regulatory requirements. This tool was developed for financial institutions due to their inherent risks and their dependence on information technology, their interconnectedness, and their evolving cyber threats—factors not unique to financial institutions.
Note that the tool contains an overview for the institution’s board of directors and senior management and questions to assist in the assessment process, which clearly shows the trend of making cybersecurity a senior management and board responsibility. As we’ve discussed in a previous blog, boards of directors and senior management, regardless of institution size or industry, will need to continue to focus on cybersecurity issues.
As we discuss in more detail in our client alert, the Assessment consists of two parts: “inherent risk profile” for determining the levels of inherent risk and “cybersecurity maturity” to measure the applicable controls.
Have you assessed your company’s cybersecurity risks?