Board Report: 2017-IT-B-009 April 17, 2017
The number and sophistication of cybersecurity threats to the financial sector have increased dramatically over the past several years. In response, we assessed the Board's oversight of financial institutions' information security controls and cybersecurity risks in select areas.
In several areas, the Board can enhance its oversight of third-party technology service providers that perform key services for Board-supervised entities. For example, the Board has not been enforcing a requirement for financial institutions to report new service relationships. In addition, the Board's cybersecurity workforce planning and internal communications about cybersecurity risks identified at Board-supervised entities can be enhanced.
Our report contains several recommendations to address these findings.
