Deputy Treasury Secretary Sarah Bloom Raskin recently outlined ten questions that bank CEOs should ask to assess their institutions’ cybersecurity readiness. Speaking at a Texas Bankers Association conference in Austin, Deputy Secretary Raskin stressed the importance of using the following questions as a roadmap for dealing with cyber threats:
Question 1: Is cyber risk part of our current risk management framework?
Question 2: Do we follow the NIST Cybersecurity Framework?
Question 3: Do we know the cyber risks that our vendors and third-party service providers expose us to, and do we know the rigor of their cybersecurity controls?
Question 4: Do we have cyber risk insurance?
Question 5: Do we engage in basic cyber hygiene?
Question 6: Do we share incident information with industry groups?
Question 7: Do we have a cyber-incident playbook and who is the point person for managing response and recovery?
Question 8: What roles do senior leaders and the board play in managing and overseeing the cyber incident response?
Question 9: When and how do we engage with law enforcement after a breach?
Question 10: After a cyber incident, when and how do we inform our customers, investors, and the general public?
While primarily addressed to bank CEOs, Deputy Secretary Raskin’s roadmap also provides a useful guide for any business executive focused on cyber risk management. If you have questions about your organization’s cybersecurity readiness or how to assess the cybersecurity readiness of your vendors and third-party service providers, contact a member of the McGrath North Privacy and Data Security Group.