trending Market Intelligence /marketintelligence/en/news-insights/trending/_GrI00Wz8gAvof4yrZrElg2 content esgSubNav
In This List

Watchdog: FDIC's compliance with own cybersecurity processes inadequate

Blog

Insight Weekly: Bank boards lag on gender parity; future of office in doubt; US LNG exports leap

Blog

Insight Weekly: Job growth faces hurdles; shale firms sit on cash pile; Africa's lithium future

Podcast

Street Talk | Episode 99 - Higher rates punish bond portfolios, weigh on bank M&A

Blog

Insight Weekly: Loan growth picks up; US-China PE deals fall; France faces winter energy crunch


Watchdog: FDIC's compliance with own cybersecurity processes inadequate

The Office of Inspector General for the Federal Deposit Insurance Corp., in another audit of the regulator's cybersecurity processes, found that the latter took an average of nine months to notify impacted individuals of breaches.

The watchdog's assessment covered 18 of 54 suspected or confirmed breaches at the FDIC from 2015 to 2016, involving personally identifiable information and potentially impacting more than 113,000 individuals.

It found that while the FDIC had processes in place for handling incidents where information is compromised, the regulator did not adequately implement the recommended steps or document its assessments and decisions. Nor did it track metrics identified in its data breach handling guide as key to improving its prevention and response capabilities.

The FDIC also has a process for convening a data breach management team, but has not provided specialized training to team members.

Following the receipt of the watchdog's audit, the FDIC concurred with its recommendations. The regulator has hired a permanent incident response coordinator and intends to hire an information security manager lead.

The FDIC expects to complete all corrective actions by Sept. 30, 2018.