Here are resources for the financial industry to address critical cyber threats and improve the industry’s overall cybersecurity. Many resources leverage industry best practices and the volunteer efforts of SIFMA member firms to help all firms to increase their cybersecurity.

Learn more about SIFMA’s efforts around cybersecurity, including the Principles for Effective Cybersecurity Regulatory Guidance, here.

Best Practices for Insider Threats

SIFMA, leveraging the most effective guidance from both the private and public sector, has created a comprehensive set of best practices guide to inform firms of insider threats they face and provide a framework to create an effective insider threat mitigation program.

Cyber and Operational Resilience Table Top Exercises

Exercises designed for a firm to apply their cyber incident response plan to a set of detailed incidents scenarios that allow a cross functional team of key decision makers to navigate the impacts in an interactive setting while trying to maintain their firm’s operations.

Cyber Insurance Program

SIFMA is pleased to offer our members a best-in-class cyber and privacy insurance policy, provided through DeWitt Stern underwritten by ACE Group.

Data Protection Principles

Financial companies need to collect and share sensitive information to run their everyday business. Members of SIFMA’s Data Protection Working Group have developed a set of principles for the protection of sensitive data that align to the NIST Cybersecurity Framework.

Financial Services Sector Cybersecurity Profile

The Financial Services Sector Coordinating Council (FSSCC) for Critical Infrastructure Protection and Homeland Security established a Financial Services Sector Cybersecurity Profile. The Profile is a scalable and extensible assessment that financial institutions of all types can use for internal and external cyber risk management assessment and as a mechanism to evidence compliance with various regulatory frameworks both within the United States and globally.

GFMA Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry

This Framework is designed to create an agreed upon approach for regulators and financial services firms to conduct effective testing to satisfy both supervisory and firm originated requirements. In this second version, published December 2020, these principles are updated based on the evolution of industry best practices and guidance from frameworks around the world.

Global Financial Markets Association (GFMA) Correspondence

The Global Financial Markets Association (GFMA), SIFMA’s global affiliate, serves as a forum to address international cyber risk. Correspondence includes consultations with the Bank of England, Financial Conduct Authority, Bank of International Settlements, Financial Stability Board and more.

Guidance for Small Firms

This program is intended to provide small firms with actionable cybersecurity guidance that is risk-based, threat-informed and supportive of their overall business model.

International Cybersecurity, Data and Technology Principles 

GFMA (SIFMA’s global affiliate), the European Banking Federation (EBF), and International Swaps and Derivatives Association (ISDA) published a paper that offers the groups’ thoughts on foundational principles for the formation of effective policy on cybersecurity, data and technology.

Quantum Dawn Exercises

SIFMA has organized the Quantum Dawn exercise series to enable both individual firms and the sector as a whole to test their response plans in the event of a systemic attack.

Sheltered Harbor

Sheltered Harbor is an initiative by the U.S. financial services sector to enhance customer data protection and ensure swift restoration of customer accounts in the event of a major cyber-attack.

Third Party Risk Management

The use of service providers to perform key operational functions presents various challenges and risks to financial institutions if not managed properly. This resource provides tools and guidance firms can leverage to improve their 3rd party risk management programs.

Government Agencies

Useful Links