Government-sponsored enterprise (GSE) Freddie Mac this week released an industry letter encouraging seller/servicers to take the accelerating pace of cybersecurity threats seriously, and to ensure that processes and tools are maintained to limit exposure to potential security risks. A record number of cybersecurity incidents against Seller/Servicers occurred in 2023, the letter said.
Given recent events and the increasingly sophisticated nature of these cybersecurity incidents, Seller/Servicers are encouraged to accelerate their program reviews to incorporate industry best practices and lessons learned from recent events, the letter said. We are reminding Seller/Servicers that they are obligated to report incidents as soon as possible, but no later than 48 hours after discovery. Freddie Mac also aims to remind seller/servicers about their obligations to respond to Freddie Mac inquiries related to a cybersecurity incident and provide information regarding its scope, its containment and the Seller/Servicer's resolution of any vulnerabilities to Freddie Mac's satisfaction, the letter said. The GSE also advised that it is taking a critical look at its own reporting requirements in light of the current challenges.
[
add
]
[
|
|
...
]