Deputy Treasury Secretary Sarah Bloom Raskin said banks should ask themselves 10 concrete questions about how they are responding to cyber-attacks. Noting the increasing prevalence of cyber-attacks, Raskin said banks should ask whether cyber-risk is part of their risk-management framework and whether they follow the NIST Cybersecurity Framework. Banks should also ask whether they know their vendors’ exposure, have cyber-risk insurance, engage in basic cyber-hygiene, share incident information with industry groups, and have a cyber-incident playbook, Raskin said. She also discussed the roles of senior leaders in responding to cyber-incidents, how to engage with law enforcement, and how to inform customers, investors and the general public following an incident.
This and more news in this week's issue of the ICBA News Watch here.