Federal Treasury to gather cybersecurity risk information from banks

Federal Treasury to gather cybersecurity risk information from banks | Insurance Business

Federal Treasury to gather cybersecurity risk information from banks

infrastructure, the US Treasury Department is suggesting that it collect more information from banks about the cyber risks they face.

The department’s plan comes after the Federal Reserve Bank of New York published a report which found that it only takes a single debilitating cyberattack on any of America’s five major banks – JPMorgan Chase, Bank of America, Citigroup, Wells Fargo, and Goldman Sachs – to potentially cripple the entire nation’s financial system.

Read more: Cyberattack on a Big 5 bank could cripple entire financial system

The Office of Cybersecurity and Critical Infrastructure Protection – a part of the Treasury Department – issued a notice published in the Federal Register this week that proposed collecting more data from the private sector to understand potential cyber risks to financial services.

“This information collection will support [the Office of Cybersecurity and Critical Infrastructure Protection’s] efforts to identify cybersecurity and operational risks to and interdependencies within US financial services sector critical infrastructure and to work collaboratively with industry and interagency partners to develop risk management and operational resilience initiatives,” the notice read.

BankInfoSecurity reported that the notice does not specify what sort of data the Treasury Department is planning to collect.

Many banks and financial institutions already relay information on cybersecurity and risk to regulatory agencies, Chris Pierson, CEO of cybersecurity firm Blackcloak, told BankInfoSecurity. This would potentially make the Treasury Department’s request a bit redundant, but the cybersecurity expert has a different take.

“At a strategic level, gaining insight into the cybersecurity stance of the entire financial ecosystem is a worthwhile endeavor, even if something like this should already have been completed a decade ago and the data to do so already exists,” Pierson explained.