Monday, October 16, 2017 05.36PM /
On October 13, 2017 in Washington DC; the
finance ministers and central bank governors of the G-7 countries released the Fundamental Elements for Effective
Assessment of Cybersecurity for the Financial Sector. Underscoring
that cybersecurity remains a topic of paramount importance for the financial
system, the United States Department of the Treasury and the Board of Governors
of the Federal Reserve System welcomes the continued efforts by the G-7 to
promote effective practices for cybersecurity and drive greater consistency across
the international financial sector.
These collective efforts build greater
resiliency within the financial system.
“A secure, safe, and strong financial
sector is essential to promote real growth within the U.S. economy and across
the world. Cybersecurity, particularly in the financial sector, is a top
priority for the United States, and we are pleased to work with the members of
the G-7 to advance a common approach that enhances resiliency,” said Treasury
Secretary Steven T. Mnuchin. “Technology has become the global engine driving
innovation and economic growth, and it provides a channel for the financial
sector to engage customers and counterparties. However, this trend brings
increased cyber risk, which is real, dynamic, and evolving.”
This report advances the work of the G-7 Fundamental Elements of Cybersecurity
for the Financial Sector released last year, which encapsulate
elements of cybersecurity for public and private financial sector entities. The
new Elements, though non-binding and non-prescriptive, provide tools for
institutions to evaluate the performance and assessment of cybersecurity
practices. Additionally, they detail a set of outcomes which demonstrate sound
cybersecurity and process components for organizations to use when evaluating
The U.S. Department of the Treasury and
the Bank of England co-chair the G-7 Cyber Expert Group, established in
Finance Ministers and Central Bank Governors Press Release
Cyber incidents are
increasing in scale and sophistication, and improving the cybersecurity of the
financial sector remains a critical objective for G-7 countries.
The G-7 Cyber Expert
Group (‘CEG’) continues to facilitate coordination across members and develop a
G-7 view on best practices for cybersecurity in the finance sector.
Last year, we published
the FundamentalElements of Cybersecurity for the Financial Sector, a set
of non-binding elements which encapsulate effective practices in cybersecurity
for public and private financial-sector entities.
Today we publish the Fundamental
Elements for Effective Assessment of Cybersecurity for the Financial Sector.
The guidance provides
institutions with a set of outcomes which demonstrate good cybersecurity
practices, including: embedding of cybersecurity considerations into
organizational decision-making; acknowledgment that technological disruptions
will occur; adaptation to changing cyber risks; creation of a good
Elements for Effective Assessment also set out five non-prescriptive,
high-level process components for organizations to use when assessing their
level of cybersecurity. These cover:
(1) setting clear goals
for cyber assessments;
(3) using a diverse
range of tools;
(4) clearly reporting
findings and remedial actions;
(5) ensuring that
assessments are reliable and fair.
non-binding, the Fundamental Elements for Effective Assessment set out a
clear G-7 view of what effective practice for assessing cybersecurity looks
like, which can be applied by financial institutions and authorities alike.
The guidance is designed
to be tailored to different jurisdictions, and to firms of different sizes and
levels of maturity.
Building on the Bari
Communiqué of May 2017, the CEG continues to work on third party risks and
cross-sector coordination. In addition, the CEG will develop a set of
fundamental elements for threat-led penetration testing, and proposals for
cross-border cyber crisis simulation exercises involving G-7 financial