Noting that ransomware incidents have become increasingly prevalent in the financial services sector, the Federal Financial Institutions Examination Council (FFIEC) today released an update to its Cybersecurity Resource Guide for Financial Institutions (the Guide)—a publication that was last updated in October 2018. View a copy of the updated Guide.
The FFIEC points out that the Guide is designed to support financial sector resilience, that FFIEC members do not endorse the listed organizations and that use of any of the listed resources is voluntary on the part of regulated financial services institutions. However, the newly released edition of the Guide is substantially lengthier than the version published in 2018, and the inclusion of a section on ransomware that lists several self-assessment tools indicates that this is likely to be an area of concern for examiners in upcoming review cycles. In addition to listing ransomware resources, the Guide also lists additional resources available in areas such as assessments, information sharing and incident reporting.
Norton Rose Fulbright has a globally active information governance, privacy and cybersecurity practice composed of over 80 lawyers worldwide. Lawyers in this practice group help clients in managing legal risks related to cybersecurity, privacy and data governance. When advising financial services firms, our cybersecurity lawyers work closely with our financial services regulatory lawyers to ensure that the advice we provide with respect to cybersecurity and data governance aligns fully with the expectations of financial services supervisors in the US, Canada, Europe, Asia and the Middle East. If you have questions or would like additional information concerning the Guide or other cybersecurity or data governance issues affecting your financial institution, please feel free to reach out to:
Tom Delaney
Partner
thomas.delaney@nortonrosefulbright.com
Will Daugherty
Head of Cybersecurity, United States
will.daugherty@nortonrosefulbright.com
Tim Byrne
Partner
tim.byrne@nortonrosefulbright.com
Chris Cwalina
Global Co-Head and US Head of Information Governance, Privacy and Cybersecurity
chris.cwalina@nortonrosefulbright.com