On August 2, 2022, the Acting Comptroller of the Currency Michael J. Hsu spoke at the joint meeting of the FBIIC and FSSCC where he discussed cybersecurity risks facing the financial sector. In his remarks, Hsu talked about the three intersecting risks that he believes the financial industry should pay attention to - the risk of evolving cybersecurity threats, the risk to critical operations, and the risk of complacency.
Hsu emphasized the importance of financial institutions’ investing in building a secure and resilient infrastructure and collaborating through public/private partnerships. He also added that based on the regulatory’s observations, the majority of cybersecurity breaches have been caused by lack effective controls in the following three areas: 1) strong authentication; 2) effective systems configuration and patch management; and 3) cyber response and resilience capabilities.
Hsu concluded his remarks by encouraging the private financial sector to collaborate with the government in addressing cyber risks through information sharing.
A copy of Hsu’s full remarks can be found here.