October 25, 2018

The Financial Services Sector Coordinating Council (FSSCC) released the new Cybersecurity Profile.

(UPDATE: The Cybersecurity Profile is now maintained, updated, and managed by the Cyber Risk Institute “CRI” and was last updated by CRI in February, 2024.)

The Profile provides a framework that integrates widely used standards and supervisory expectations to help guide financial institutions in developing and maintaining cybersecurity risk management programs.

The Profile is the result of two years’ work and collaboration among financial institutions, trade groups, and government agencies which was spearheaded by FSSCC, the American Bankers Association, Bank Policy Institute’s technology policy subdivision BITS, Futures Industry Association, Global Financial Markets Association (and its member associations of the Association for Financial Markets in Europe, the Asia Securities Industry & Financial Markets Association, and the Securities Industry and Financial Markets Association), and the Institute of International Bankers.

The profile was developed in response to a survey of chief information security officers from financial institutions that indicated nearly 40% of their time was spent on compliance and reconciling competing, duplicative, redundant, and inefficient cybersecurity supervisory examinations.