Cybersecurity is a top priority in the financial industry to ensure the security of customer assets and information and the efficient, reliable execution of transactions within markets.

The financial services sector is committed to furthering the development of industry-wide cybersecurity initiatives that protect our clients and critical business infrastructure, improve data sharing between public and private entities and safeguard customer information.

SIFMA is working with our members on a variety of cybersecurity initiatives including:

• Promoting enhanced regulatory harmonization to encourage a more effective allocation of cyber resources;
• Promoting a robust industry-government partnership grounded in information sharing;
• Conducting exercises and industry tests designed to improve protocols for incident preparedness, response and recovery;
• Leveraging lessons learned to refine industry best practices, including for managing insider threats, third party risk, penetration testing and data security, such as securing data storage and recovery.

Cybersecurity Framework

An effective and efficient cybersecurity policy is achieved most easily through harmonized, risk-based global standards that leverage extensive investments already made. The NIST Cybersecurity Framework represents a potential global standard. The Cyber Risk Institute’s Financial Services Cybersecurity Profile provides a benchmark for cybersecurity in the financial services industry that is based on the NIST Framework, ISO 27000 series controls, and financial sector supervisory guidance and regulatory frameworks.

Cybersecurity Exercises

Quantum Dawn is a series of cybersecurity exercises that enable financial institutions and the sector, as a whole, to practice and improve coordination with key industry and government partners in order to maintain financial markets operations in the event of a systemic cyber-attack. In November 2021, SIFMA coordinated the global industry-wide Quantum Dawn VI cybersecurity exercise.

Cybersecurity Resources

SIFMA is actively engaged in coordinating the effort to support a safe, secure information infrastructure, with cybersecurity resources that provide security of customer information and efficient, reliable execution of transactions. We continually work with industry and government leaders to identify and communicate cybersecurity best practices for firms of all sizes and capabilities and educate the industry on evolving threats and appropriate responses.

Industry-Wide Business Continuity Test

SIFMA’s next annual Industry-Wide Business Continuity Test will be held on October 15, 2022. This critical exercise for financial services firms demonstrates our industry’s ability to operate through a significant emergency using backup sites, recovery facilities and backup communications capabilities. We encourage all firms to participate.

Global Initiatives

In addition, we collaborate with the Global Financial Markets Association (GFMA) on operations issues of global concern within the regulatory environment including the Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry, which was updated in December 2020.