Government Accountability Office, Cybersecurity: Bank and Other Depository Regulators Need Better Data Analytics and Depository Institutions Want More Usable Threat Information (GAO-15-509) (July 2, 2015) (full-text).
This report’s objectives include examining (1) how regulators oversee institutions' efforts to mitigate cyber threats, and (2) sources of and efforts by agencies to share cyber threat information. The GAO collected and analyzed cyber security studies from private-sector sources and reviewed materials from selected IT examinations (based on regulator, institution size, and risk level). The GAO also held three forums with more than 50 members of financial institution industry associations who provided opinions on cyber threat information sharing.
The GAO recommended that Congress consider granting NCUA authority to examine third-party technology service providers for credit unions and regulators explore ways to better collect and analyze data on trends in IT examination findings across institutions.