The Teller Window
A view into the work of the New York Fed

« | Main | »

April 15, 2019

Takeaways from Kevin Stiroh’s Remarks on Cybersecurity from a Supervisory Perspective

At a conference at the New York Fed on April 12, EVP Kevin Stiroh discussed the issue of cybersecurity from the perspective of a bank supervisor. He noted that cybersecurity is one of many aspects of operational resiliency for firms:

“Our approach to cybersecurity is embedded in the broader supervisory and risk management frameworks…. We see notable similarities to other shocks that could impact a firm’s operational resiliency, safety and soundness, and ability to continue to provide financial services in a sustainable way.”

But he also pointed out important differences between cyber threats and what might be considered traditional risk areas for firms. One difference is motivation:

“Asset quality or market prices may change unexpectedly and weather events may prove disruptive, but they lack intent to harm. By contrast, cyber events, by definition, involve an intention to steal, disrupt, or destroy.”

Another is the nature of the disruption, including potential impacts on data confidentiality, integrity, and availability:

“Cyber attacks that involved data corruption or destructive malware are unique to a cyber threat and can have an immediate and devastating impact…. Even if a firm can recover from a data corruption cyber-attack, when would customers and clients trust them as a counterparty?”

And a third challenge from a risk management perspective is the amount of human capital required to manage cyber defense:

“Cyber security requires a different set of skills and abilities… Acquiring and retaining the critical talent for these activities is a growing challenge.”

These complexities notwithstanding, cyber resiliency is an area “where the incentives of the private and public sector are closely aligned,” and it is increasingly important for all sides “to collaborate, share information, and learn from one another about threats, responses, and best-practice approaches.”

“Supervisors can contribute to this debate by continuing to emphasize the critical importance of a strong risk culture with the appropriate governance and controls framework.”

Read the full speech.

This article was originally published by the New York Fed on Medium.


The views expressed in this article are those of the contributing authors and do not necessarily reflect the position of the New York Fed or the Federal Reserve System.

About

The Teller Window is a publication featuring expert knowledge and insight from the New York Fed, including thoughts and perspectives from senior leaders. It offers a deep look at issues that matter to the Federal Reserve’s Second District and the nation.

Articles on the Teller Window focus on the people and programs that help the New York Fed support the U.S. economy. They are written for a wide audience with the aim of illustrating what we are doing and why it matters. Stories include editorials, interviews, explainers, and reports on events and trends in our communities and region. The Teller Window is edited by the Communications and Outreach Group on behalf of the New York Fed. Separately, for analysis from New York Fed economists working at the intersection of research and policy, please see Liberty Street Economics.

The New York Fed began publishing on the Teller Window in November 2022. Articles with dates earlier than November 2022 were originally published by the New York Fed on Medium.

Step up to the Teller Window to learn more about the New York Fed’s work and views.