Cyber Risk Institute Updates Cybersecurity Profile

The Cyber Risk Institute—a coalition of financial institutions and trade associations including the American Bankers Association—has updated its Financial Services Cybersecurity Profile. The profile—which ABA helped develop and which is intended to help financial institutions reduce the overall time spent on cyber risk compliance—is currently being implemented by many institutions and is accepted by the regulatory community.

The latest version of the profile, Version 1.2, includes mappings to other industry cybersecurity tools and standards, including the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool. The latest release also includes a new workbook that can help guide firms’ cybersecurity response, and PDF versions of the user guide and impact questionnaire.

CRI is also planning a version 2.0 of the profile, which it previewed in a roadmap for 2022 and beyond. Version 2.0 will address diagnostic statements to ensure clarity and coverage, CRI said, and will include structural additions to include categories, subcategories, and diagnostic statements related to technology controls, project management, and third-party risk management. It will also ensure that the initial impact tiering questionnaire reflects appropriate international concerns when determining the effects of organizations on the financial sector, and will provide additional mappings.