trending Market Intelligence /marketintelligence/en/news-insights/trending/_GrI00Wz8gAvof4yrZrElg2 content esgSubNav
In This List

Watchdog: FDIC's compliance with own cybersecurity processes inadequate

Blog

Insight Weekly: Global stock performance; hydrogen pilot projects; Powell's Fed future unsure

Blog

How Financial Institutions are Managing Exposure to U.S. Municipals

Blog

Top 100 Banks: Capital Ratios Show Resilience to the Pandemic

Blog

Banking Essentials Newsletter: October Edition


Watchdog: FDIC's compliance with own cybersecurity processes inadequate

The Office of Inspector General for the Federal Deposit Insurance Corp., in another audit of the regulator's cybersecurity processes, found that the latter took an average of nine months to notify impacted individuals of breaches.

The watchdog's assessment covered 18 of 54 suspected or confirmed breaches at the FDIC from 2015 to 2016, involving personally identifiable information and potentially impacting more than 113,000 individuals.

It found that while the FDIC had processes in place for handling incidents where information is compromised, the regulator did not adequately implement the recommended steps or document its assessments and decisions. Nor did it track metrics identified in its data breach handling guide as key to improving its prevention and response capabilities.

The FDIC also has a process for convening a data breach management team, but has not provided specialized training to team members.

Following the receipt of the watchdog's audit, the FDIC concurred with its recommendations. The regulator has hired a permanent incident response coordinator and intends to hire an information security manager lead.

The FDIC expects to complete all corrective actions by Sept. 30, 2018.