Categories: U.S. Treasury

G7 Cyber Expert Group Releases New Reports on Ransomware and Third-Party Risk

WASHINGTON—The G7 Cyber Expert Group (CEG) – which U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure (OCCIP) co-chairs alongside the Bank of England – recently released two reports addressing ransomware and third-party risk within the financial sector. These free and publicly available resources are intended to help financial sector entities better understand cybersecurity topics as agreed upon by a multilateral consensus.  

The Fundamental Elements of Ransomware Resilience for the Financial Sector provides financial entities with high-level building blocks for addressing the ransomware threat. The document is part of a series of Fundamental Elements produced by the CEG, all of which are non-prescriptive and non-binding, and provide an overview of the current policy approaches, industry guidance, and best practices in place throughout the G7. The aim of this document is for financial institutions – both public and private – to use its guidance for their own internal ransomware mitigation activities. Additionally, the collaboration between the G7 jurisdictions on producing this report highlights global efforts to promote the resilience of the financial sector. 

The CEG’s other product for 2022, The Fundamental Elements of Third-Party Risk Management for the Financial Sector, updates a previous version published in 2018. Due to the increasing use of service providers by financial institutions in central operational functions and the subsequent vulnerabilities created by this reliance, the G7 CEG deemed this update necessary to keep pace with the ever-changing cyber threat landscape. The update includes explicit recommendations for monitoring risks along the supply chain, identifying systemically important third-party providers, and concentration risks.

These reports were announced in October 2022 by Bundesbank, as part of Germany’s presidency of G7, after they were adopted by the G7 Finance Ministers and Central Bank Governors. They were published on Bundesbank’s website alongside previous Fundamental Elements on such topics as cybersecurity in the financial sector, penetration testing, and cyber exercises. 

The G7 CEG was founded in 2015 to serve as a multi-year working group that coordinates cybersecurity policy and strategy across the eight G7 jurisdictions. In addition to policy coordination, the G7 CEG also acts as a vehicle for information sharing, cooperation, and incident response.

IR Press

Share
Published by
IR Press

Recent Posts

OCC Announces Enforcement Actions for November 2024

WASHINGTON—The Office of the Comptroller of the Currency (OCC) today released enforcement actions taken against…

17 hours ago

Treasury Sanctions Gazprombank and Takes Additional Steps to Curtail Russia’s Use of the International Financial System

Treasury imposes sanctions on dozens of Russian banks, securities registrars, and finance officials; OFAC issues…

1 day ago

Acting Comptroller Testifies on State of the Federal Banking System

WASHINGTON—Acting Comptroller Michael J. Hsu today testified on the state of the federal banking system…

2 days ago

Remarks by Assistant Secretary for International Finance Brent Neiman on the U.S. Cross-Border Payments Agenda

As Prepared for Delivery Thank you very much for the opportunity to be here today, and…

3 days ago

Remarks by Assistant Secretary for Investment Security Paul Rosen at the Third Annual CFIUS Conference

As Prepared for Delivery Good afternoon.  I’d like to start by thanking our panelists today for…

3 days ago