Ready or not, it is a fact that cyber attacks and threats are going to be a dominant risk to financial institutions in 2015. Cyber security now ranks as the principal concern of the financial services industry, according to results of a Fall 2014 survey released by The Depository Trust & Clearing Corporation (DTCC). According to their news release, a record 84% of respondents in DTCC’s Systemic Risk Barometer, identified cyber-risk as one of their top five concerns The finding represents an increase of 25 points since the last survey was conducted in March 2014.
While financial institutions have been working for many years to beef up their defences against cyber attacks and have been investing heavily in their cyber security efforts, they continue to face an uphill battle for several reasons. Rapid technological change and the competitive push to adopt new technologies in order to attract and retain clients continue to challenge the cyber security needs of financial institutions. New technologies often require new security protocols and, for this reason, cyber security is an ever-evolving exercise for the companies. Add to that picture the growing frequency, as well as sophistication of cyber attacks, and you have yourself quite the task. Another piece of the challenge for financial institutions is their inevitable reliance on third party providers to support some key business functions such as payment processing, trade clearing, and even web-based client applications. This use of external resources in return necessitates an added layer of scrutiny and checks and balances that financial institutions must impose on their third party vendors. Even though, they lack direct oversight over their vendors, ultimately it is the financial institution that is responsible if things go awry and their customers and their businesses fall victim to cyber crimes.
Given the described cyber security environment that financial institutions find themselves in, it is essential for institutions to seek opportunities for collaboration when it comes to cyber security best practices. This Goliath is simply too big for any lone David in the industry to slay single-handedly. The industry needs to take advantage of any reputable information platforms and resources that are available. To drive this need home, recently the Department of Financial Services of New York State has recommended that all State-chartered depository institutions, irrespective of size, become members FS-ISAC (Financial Services Information Sharing and Analysis Center). We should expect similar action in other jurisdictions.
With the risk comes heightened regulatory scrutiny. Regulators and governments across the globe are also collaborating with each other and their respective regulated industries. While the industry continues to proactively self-assess against cyber risks, governments are unlikely to rest and watch. Point in case, as part of a joint initiative of the U.S. and U.K. governments this year, banks in London and New York will simulate a cyber attack on their computer systems. A joint team of cyber security experts from both countries will coordinate their responses. Similar efforts are bound to increase for the benefit of global financial services consumers and for the sake of the resilience of the financial institutions that serve them.
Below are links to some interesting reads on this topic.
Cyber resilience in financial market infrastructures
Cyber Security: Protecting the Resilience of Canada’s Financial System
New York State Department of Financial Services Report on Cyber Security in the Banking Sector
PWC – Threat smart: Building a cyber resilient financial institution
Cyber Security Essentials for Banks and Financial Institutions
“When it comes to cyber crime, here’s why your bank has your back”