In today’s interconnected and digital world, business leaders must be more aware of the diverse cyber threats their business faces and be proactive in protecting their clients, data, networks and operations from theft, disruption and destruction. From criminals seeking financial gain to nation states committing corporate espionage or seeking to dislocate markets, cyber threat actors are becoming more sophisticated in their attack methods, making cybersecurity an area of risk that must be actively managed by firms similar to other areas of risks.
While distributed denial-of-service attacks on large financial institutions are most often reported in headlines, cybercrime involves protecting more than a business’s individual technology systems. As evident in recent headlines, breaches in third-party service providers, can create detrimental issues for the firms that rely on their services. In addition, as recent incidents have made apparent, although cyber crime can come in the form of complex computer code, businesses must be aware of both the technical aspects of the threat externally as well as the threat of insiders committing or enabling cyber attacks.
The IT infrastructure in financial services serves as “technology leverage”, as the Atlantic Council puts it – creating tremendous efficiencies but with increasing risk. The destruction of financial data or the disruption of markets would have a rippling effect on other domestic sectors and industries, as well as global markets. In that light, President Obama has expressed that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cybersecurity.”
The financial industry is committed to furthering the development of industry-wide cybersecurity initiatives that protect our clients and critical business infrastructure, improve data sharing between public and private entities and safeguard customer information. An effective and efficient cybersecurity policy will be achieved most easily through a coordinated effort among industry members that leverages the extensive investments already made as the industry continues to actively manage cyber risk and maintain safe and secure financial networks.
SIFMA is actively engaged in coordinating the effort to support a safe, secure information infrastructure which provides security of customer information and efficient, reliable execution of transactions. SIFMA is continually working with industry and government leaders to identify and communicate cybersecurity best practices for firms of all sizes and capabilities and educate the industry as to the evolving threats and appropriate responses.
SIFMA strongly supports bipartisan legislative measures such as S. 754, the Cybersecurity Information Sharing Act (CISA) of 2015, which provide the private sector with laws that will enable us to better protect our clients and collaborate with our government partners. We encourage Congress to come to quick agreement on CISA legislation that has passed both the House and Senate, and send the President a workable cyber information sharing bill as soon as possible. Importantly, while we are supportive of the process moving forward to a Conference, SIFMA does have serious concerns with language adopted during the Senate process (Section 407) which would give an outsize and inappropriate role to the Department of Homeland Security in making information sharing determinations and could lead to burdensome regulation that would undermine the voluntary nature of CISA, which is at its core. We strongly urge the Conference Committee to strike this provision.