Impact of the FFIEC Cybersecurity Assessment Tool

cloudcomputingForresterOn the front page of American Banker, there’s a July 14 article titled “Is It Almost Time to Put Core Processing in the Cloud? If there was any doubt about the fact that technology is a one-directional, hard trend banks absolutely must be integrating into strategy, articles like this are putting it to rest. 

Especially with technology adoption, understanding and engaging with the trend have sweeping ramifications. The large and valuable millennial audience operates in an almost exclusively digital world. Your competitors are building omnichannel banking structures. And, as the American Banker article discusses, security is the linchpin for the success of the whole new banking model.

Forrester reported this week that 73% of bank technologists say security is one of the five obstacles preventing them from adopting cloud applications. For many service industries including banking, cloud computing is the next frontier. It’s a way to recognize cost savings, scale computing services as needed, and assemble big data for customer interactions. With rising adoption has come an increase in cyber threat. To meet this growing concern, the Federal Financial Institutions Examination Council (FFIEC) has developed a Cybersecurity Assessment Tool to help banks assess and measure preparedness over time.

The FFIEC Cybersecurity Assessment Tool

The FFIEC Assessment incorporates cybersecurity principles from the FFIEC Information Technology (IT) Examination Handbook and regulatory guidance, as well as concepts from other industry standards, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework. It provides structure to help financial institutions enhance oversight and management of cybersecurity by:

  •         Identifying factors contributing to and determining your cyber risk
  •         Assessing preparedness
  •         Evaluating whether preparedness is aligned to specific risk areas
  •         Determining needed risk management practices and controls, and necessary actions
  •         Informing risk management strategies

The Assessment consists of two parts. The Inherent Risk Profile is the level and characteristics of risk caused by technologies and connection types, delivery channels, technology services, organizational characteristics, and external threats. The second part measures your institutions level of risk and corresponding controls. Your Cybersecurity Maturity levels support preparedness across five core domains:

  1.       Cyber Risk Management and Oversight
  2.       Threat Intelligence and Collaboration
  3.       Cybersecurity Controls
  4.       External Dependency Management
  5.       Cyber Incident Management and Resilience

The FFIEC requires that you review and analyze your Inherent Risk Profile against the Cybersecurity Maturity results to confirm alignment. With a clear picture of strengths and gaps, bank management can create a strategy for achieving desired technology implementation and maturity goals.

If your bank management shares the concerns about cyber threat, the FFEIC Assessment should be able to reveal specific areas of security need and maturity. Accumulating tactical and measurable information is a first step in acting on market foresight.

For more information or to implement about the FFEIC Cyber Security Assessment Tool, click here.  For more insight about using hard trends in building your bank strategy, or the role of technology in banking, contact a HORNE Banking specialist, here

Subscribe to the Banking Blog

Topics: Strategy, Electronic Health Records, Hard Trend

Leave A Comment

Related Posts