Because Cybersecurity is a business issue, not just an IT issue, the risk that it brings should be addressed by all areas of the financial institution. Right?
While there is an increasing number of articles and blogs calling for executive management and board involvement in cybersecurity, it's also important that the audit committee plays a role in managing the risk.
In a recent article on BankDirector.com, Sal Inserra points out that cybersecurity is the #1 challenge for bank audit committees. While Sal doesn't go into a lot of depth in the article, it's still good to see a push for other areas of the bank (audit in this case) to get involved in information security.
Some key points in Sal's article for audit staff to focus on cyber:
- The importance of threat information sharing
- Bringing in outside expertise to the audit committee for risk insight and mitigation strategies
- Become very familiar with the CAT
- Keep up with interagency guidance