Financial firms should be stress-tested to evaluate their ability to handle a cyber attack, Mester recommended during a conference on financial stability hosted by the Cleveland Fed.
“Such a test could help evaluate the financial system’s plans for data and core systems recovery and its reliance on third parties to implement that plan,” she said.
As part of the testing, firms should have a plan for how they will ensure data is protected and make sure it has not been altered.
Regulators could consider using simulations to test how firms would recover from an attack, based on tactics used during real attacks, Mester said. The examinations could also look at firms’ ability to resume business after an attack that corrupts data and affects multiple institutions, modeling an approach used by the Bank of England.
Mester also said that financial firms, government agencies and regulators need to collaborate better and share information when it comes to facing cybersecurity risks. When sharing data about trends in cyber threats, financial supervisors should also partner with universities and other groups to learn how to identify problematic patterns, she said.
The Fed official did not comment on monetary policy during her remarks. She previously said she opposed all three rate cuts approved this year but that she now felt monetary policy is in a “good spot.”
Mester does not vote in monetary policy decisions this year but she does participate in deliberations. The Fed voted 8-2 to cut interest rates in October for the third time this year, bringing the target level to a range of 1.5% to 1.75%.
Reporting by Jonnelle Marte; Editing by Chizu Nomiyama