WASHINGTON (11/6/14)--Federal regulators are likely to look into cybersecurity training of board members and executives, according to a former Federal Deposit Insurance Corp. examination analyst. In an interview with Bank Info Security, attorney Amy McHugh said the Federal Financial Institutions Examination Council's (FFIEC) is likely to issue updated security guidance.
The guidance will be released as a result of the FFIEC cybersecurity assessment that took place over the summer, which featured five themes that financial institutions should keep in mind when assessing their organization's cybersecurity preparedness.
"As a result of the cybersecurity assessment, FFIEC members are reviewing and updating current guidance to align with changing cybersecurity risk," reads a statement from the FFIEC.
McHugh recommends that financial institutions "review their programs now and start implementing some of these recommendations from the FFIEC as soon as they can."
She added that institutions would be "well served" to train board members and C-level executives in the latest cybersecurity protocols, at the very least so they can tell examiners what sort of risk assessment and mitigation procedures are in place.
"I do think there should be some sort of internal resource that can help the board," McHugh said. "And I believe this is going to be an area of emphasis for regulators going forward."
The assessment results released earlier this week are not intended to serve as guidance, but according to the FFIEC, guidance will be forthcoming.