In today’s interconnected and digital world, business leaders must be more aware of the diverse cyber threats their business faces and be proactive in protecting their clients, data, networks and operations from theft, disruption and destruction. From criminals seeking financial gain to nation states committing corporate espionage or seeking to dislocate markets, cyber threat actors are becoming more sophisticated in their attack methods, making cybersecurity an area of risk that must be actively managed by firms similar to other areas of risks.
While distributed denial-of-service attacks on large financial institutions are most often reported in headlines, cybercrime involves protecting more than a business’s individual technology systems. As evident in recent headlines, breaches in third-party service providers, can create detrimental issues for the firms that rely on their services. In addition, as recent incidents have made apparent, although cyber crime can come in the form of complex computer code, businesses must be aware of both the technical aspects of the threat externally as well as the threat of insiders committing or enabling cyber attacks.
The IT infrastructure in financial services serves as “technology leverage”, as the Atlantic Council puts it – creating tremendous efficiencies but with increasing risk. The destruction of financial data or the disruption of markets would have a rippling effect on other domestic sectors and industries, as well as global markets. In that light, President Obama has expressed that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cybersecurity.”
The financial industry is committed to furthering the development of industry-wide cybersecurity initiatives that protect our clients and critical business infrastructure, improve data sharing between public and private entities and safeguard customer information. An effective and efficient cybersecurity policy will be achieved most easily through a coordinated effort among industry members that leverages the extensive investments already made as the industry continues to actively manage cyber risk and maintain safe and secure financial networks.
SIFMA strongly supports bipartisan legislative measures such as S. 754, the Cybersecurity Information Sharing Act (CISA) of 2015, which was recently signed into law by President Obama to provide the private sector with laws that will enable us to better protect our clients and collaborate with our government partners. Additionally, on February 9, 2016, President Obama announced a new Cybersecurity National Action Plan (CNAP) that aims to enhance cybersecurity practices across the federal government.
SIFMA is actively engaged in coordinating the effort to support a safe, secure information infrastructure which provides security of customer information and efficient, reliable execution of transactions. SIFMA is continually working with industry and government leaders to identify and communicate cybersecurity best practices for firms of all sizes and capabilities and educate the industry as to the evolving threats and appropriate responses.
Refer to the Cybersecurity Resources page for information on the International Cybersecurity, Data and Technology Principles; Guidance for Small Firms; Best Practices for Insider Threats; Third Party Risk Management; Exercises; and more.