ICBA called on federal regulators to continue building on the Cybersecurity Assessment Tool risk assessment framework while keeping it voluntary.

Recommendations: In a comment letter to the OCC on improving the CAT, ICBA said regulators should:

  • Establish a working group of public- and private-sector participants to complete regular reviews of the CAT to keep it up to date.

  • Create resources to further educate bank leadership on the CAT.

  • Provide community banks access to trending information and statistical analysis.

More: Cybersecurity resources—including no-cost cyber and incident response training for ICBA members—are available on ICBA’s cyber and data security resource center.