OCC Acting Comptroller Michael J. Hsu encouraged financial institutions to continue investing in cybersecurity risk mitigation efforts, and to collaborate through financial industry joint efforts aimed at information sharing and collective defense. He also cautioned against being lulled into a false sense of security based on having previously undertaken risk mitigation and cybersecurity compliance measures.
In his remarks before a joint meeting of the Financial and Banking Information Infrastructure Committee and the Financial Services Sector Coordinating Council, Mr. Hsu called for a heightened focus on the "resilience and recovery capabilities of critical operations" in light of emerging technologies and "increasingly complex dependencies in the provision of financial services." He reported that there has been an increase in the "frequency and severity" of cyberattacks targeting both financial institutions and their service providers. Mr. Hsu urged financial institutions to examine the potential impact of cyber incidents on their own institutions, as well as on the broader financial system. He also emphasized that "strong preventative controls to protect against unauthorized access" is the most important first step to defend against malicious actors.
To help mitigate cyber risk, Ms. Hsu called on financial institutions to (i) invest in establishing "secure and resilient infrastructure" and (ii) participate in public/private partnerships focused on defending the financial sector. He also encouraged institutions to continue engaging in collaborative practices by, for example, participating in financial industry information sharing forums.