Proposed Cybersecurity Regulations for Banking Agencies: Standards for Sector-Critical Systems of Covered Entities

Earlier in our discussion of the Federal Reserve’s Enhanced Cyber Risk Management Standards, we broached the topic of sector-critical systems. The Reserve’s Notice defined this term as systems of covered entities that are especially critical to the financial sector, and assigned them a more stringent set of cyber risk management standards to follow in addition to the other standards outlined in the Notice. Here are the standards designated to aid sector-critical systems in reducing their Cyber Liability.

Implementing Controls

The first sector-critical standard mentioned by the Notice recommends that covered entities establish commercially available controls that will work to minimize the systems’ residual cyber risk. By reducing lingering cyber liabilities, the chance of cyber-related system failures or disruptions will drastically drop. 

Establishing RTOs

The second standard asks that covered entities establish a two-hour RTO (recovery time objective) for their sector-critical systems to recuperate from “disruptive, corruptive, or destructive” cyber events. In addition, entities would validate their RTO by regularly testing a wide range of plausible risk scenarios, which would test areas such as communication protocols, governance arrangements, and recovery measures.

Assessing Risk Reduction

The third standard proposed by the Federal Reserve states that Board-supervised entities should quantitatively measure their ability to reduce their sector-critical systems’ aggregate risk at the holding company level. Said measurements would consider risks related to internal dependencies, external dependencies, and any connections that have access to their sector-critical systems.

About FGIB

Since 1983, Financial Guaranty Insurance Brokers has distinguished itself as a provider of Professional Liability, Cyber Liability, and Crime insurance products for financial entities, in addition to providing crime insurance and general business insurance products to a number of firms across the United States. To receive timely, personalized service from a knowledgeable and experienced staff, call us today at (877) 485-4413 to speak with one of our professionals.