Standards for how financial institutions (FIs) manage cybersecurity risks are tightening, with a pending new FDIC rule lowering the applicable size threshold for covered FIs. Jessica Caballero, director of cyber risk management at Defensestorm, takes a closer look at the FDIC’s new rules and what institutions of all sizes should know about their cyber risk approach.
The standards for proper governance and risk management within financial institutions continue to evolve, with the FDIC weighing whether to finalize a proposed rule to heighten standards for large banks, requiring those with assets over $10 billion to assess their risk governance, including cybersecurity risk management policies, controls, and data and systems infrastructure, among other risk- and governance-related requirements.
The Office of the Comptroller of the Currency (OCC) and the Federal Reserve have similar heightened standards that apply to significantly larger and often more complex banks — those with total assets over $50 billion. Because the FDIC's threshold for applying its standards is substantially lower, its rewrite of the guidelines is catching the industry's attention. It's also…