October 3, 2022

Volume XII, Number 276


September 30, 2022

Deputy Treasury Secretary Discusses Cybersecurity Checklist for Banks

Deputy Treasury Secretary Sarah Raskin, who recently spoke at the Texas Bankers’ Association Executive Leadership Cybersecurity Conference, provided bank executives and boards some guidance on preventing, preparing for and responding to cyberattacks.

Citing recent attacks against Target, Home Depot and JP Morgan Chase as evidence of the growing cybersecurity threat, Raskin offered a checklist of 10 questions to guide bank CEOs and their boards. The questions encompass three broad areas—baseline protection, information sharing and response and recovery—and aim to provide a roadmap for banks before an attack occurs.   

The questions covered areas such as: whether the bank follows the National Institute of Standards and Technology’s Cybersecurity Framework; what cyber risks the bank’s vendors and other third parties expose it to; whether the bank has cyber risk insurance; when and how the bank engages with law enforcement after a cyber incident; and when the bank informs customers, investors and the general public about cyber incidents.

One point Raskin emphasized is exercising “basic cyber hygiene,” meaning knowing all the systems on your network, knowing who has what administrative privileges and routinely patching software and assessing security weaknesses. According to her estimate, such activities could prevent 80 percent of all known attacks. Another important point of emphasis was the preparedness of a bank’s leadership for an attack, including having a cyber-incident “playbook,” which details who is responsible for coordinating the bank’s response and what their first course of action should be. Additionally, Raskin recommends that banks engage in cyber exercises that simulate a cyber intrusion in order for the leadership to be prepared for the organizational challenges such an attack would pose. The Department of the Treasury is currently in the process of developing such an exercise regime, with input from both the financial sector and other federal departments and agencies. 

Remarks are available here.

©2022 Katten Muchin Rosenman LLP

National Law Review, Volume IV, Number 346

About this Author

Michael M. Rosensaft focuses his litigation practice on representing individuals and businesses in white collar criminal matters, regulatory enforcement matters, corporate internal investigations, insurance and health care fraud and complex civil litigation.

Prior to joining Katten, he served as an Assistant US Attorney for the Southern District of New York. In that capacity, Michael oversaw the investigation and prosecution of numerous criminal cases involving terrorism, international money laundering, export violations, bribery of foreign...

Tenley Mochizuki concentrates her practice in litigation and dispute resolution matters.

While attending law school, Tenley participated in the Advocacy for the Elderly Clinic and worked on the Virginia Environmental Law Journal. Before joining the firm, she worked in a medical office, a primate cognition laboratory and various nonprofit organizations.