Skip to Navigation
Skip to Main content
OIG Home
OIG Home


Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: 2017-IT-B-009 April 17, 2017

The Board Can Enhance Its Cybersecurity Supervision Approach in the Areas of Third-Party Service Provider Oversight, Resource Management, and Information Sharing

available formats

The number and sophistication of cybersecurity threats to the financial sector have increased dramatically over the past several years. In response, we assessed the Board's oversight of financial institutions' information security controls and cybersecurity risks in select areas.

In several areas, the Board can enhance its oversight of third-party technology service providers that perform key services for Board-supervised entities. For example, the Board has not been enforcing a requirement for financial institutions to report new service relationships. In addition, the Board's cybersecurity workforce planning and internal communications about cybersecurity risks identified at Board-supervised entities can be enhanced.

Our report contains several recommendations to address these findings.