By Joe Davidson, Senior Vice President
Supervision and Regulation
Federal Reserve Bank of Atlanta
Dear colleagues,
As we begin 2024, Sixth District bank performance remains relatively resilient. The proliferation of third-party relationships in banking has heightened the need for strong third-party risk management. Consumers are still feeling the long-term fallout from the MOVEit data breach in May 2023, which affected 2,659 organizations and 67 million people. The MOVEit breach highlights a particular vulnerability in which bad actors can obtain data from multiple companies all in one hack.
Meanwhile, community bankers nationwide ranked cybersecurity threats as their top internal concern once again in the 2023 Conference of State Bank Supervisors (CSBS) Annual Survey of Community Banks. Among both internal and external risks, cybersecurity was the top challenge for community bankers, with almost 93 percent of the 450 surveyed bankers naming it an “extremely important” or “very important” risk. The impact of cyber resilience is a key component of firms’ overall operational resilience. A lack of cyber resilience at individual financial institutions in the Sixth District, their counterparties, and along the supply chain makes the financial system more vulnerable to cyber incidents and resulting bouts of financial instability.
Risks posed by third-party interdependence amplify the concerns around cybersecurity breaches, resulting in heightened supervisory focus for our institutions. Vulnerabilities are increasing at an alarming rate and are attributable to reliance on legacy systems and dated servers/platforms that pose challenges to patch management. I encourage you to periodically reevaluate your systems and platforms and engage directly with third parties that might contribute to making your operations and depositors vulnerable.
Our district’s cybersecurity team is here to provide perspective as you navigate these challenges. The Federal Reserve Bank of Atlanta maintains a critical mix of diverse and seasoned cyber professionals, with IT credentials and certifications from organizations such as the Cybersecurity and Infrastructure Security Agency. These specialized examiners are part of a national program dedicated to cyber examinations across a wide range of financial institutions and bring this expertise, experience, and range of practices to our Sixth District risk assessments and supervisory programs.
Changes in economic cycles and advances in technology have the potential to change the way banks deliver services to their customers, but strong relationships and open, two-way communications between bankers and supervisors increase the opportunities to foster resiliency and mitigate risks before problems arise. In the Sixth District, we look forward to engaging with you as partners in 2024.
Yours sincerely,
Joe Davidson
Senior Vice President, Supervision and Regulation
The Federal Reserve Bank of Atlanta