Sadly, it is more common than not to be the victim of a cyber attack. As a former CFTC official, I found out recently that I was one of the four million current and former government officials who had their most personal information compromised by a breach of the U.S. Office of Personnel Management systems. And there have been plenty of similar headlines in the past year: Home Depot, Sony and Anthem, just to name a few. Even FIA was the target of a “phishing” incident, requiring us to bolster our cyber defenses.
The financial services sector and the critical infrastructure it supports are attractive targets for hackers and cyber criminals. IOSCO reports that more than half of the world’s exchanges have experienced a cyber attack. And some experts estimate that financial institutions are four times more likely to be attacked than other industries. Across all industries, the total number of cybersecurity incidents rose by 48% from 2013 to 2014. The threat is not just growing, but it’s growing at an increasing rate.
As cyber crime has risen, the infrastructure of our industry has been evolving. More trades are centrally cleared, which creates a web of interconnected activity. An attack at one organization can have a ripple effect throughout the financial industry. A data breach not only hobbles a company by cutting through its networks, but it also has serious implications in terms of customer confidence: 82% of businesses would consider leaving a financial institution that had suffered a breach, according to a 2014 report on global IT security risks by Kaspersky Labs.
No one is immune to these attacks. Cybersecurity experts will tell you that there are only two kinds of organizations: those that have been breached, and those that don’t know they’ve been breached. Unfortunately, with continually evolving threats, there is no such thing as bulletproof protection from cyber crime. Instead, we need to shift our focus to cyber risk management.
[Figure: Cyber Attacks on the Rise. Source: 2015 PwC Global State of Information Security Survey.]
The good news is that our industry knows quite a lot about risk management. We also have a number of resources in place already. The Financial Services Information Sharing and Analysis Center (FS-ISAC) not only provides analysis and education on cybersecurity, but also distributes anonymous real-time information about cyber threats so member organizations can quickly respond. I encourage you to visit its website to learn more about how FS-ISAC can help your organization.
FIA has made cybersecurity a priority in 2015, inviting world-renowned experts to speak at our conferences, sharing cybersecurity resources with our membership and hosting webinars with cyber experts. We have taken part in CFTC roundtables on cybersecurity and are looking forward to working with regulators to develop flexible standards that allow for innovative and evolving responses to cyber threats.
It is imperative that we get smart on this issue and do it fast. All of us should be reexamining our current cyber policies and procedures against best practices and the guidance of regulators. Being prepared is what FIA and this industry do best. As with other industry business continuity challenges like Y2K, 9-11, Superstorm Sandy, and most recently the Leap Second, we know that communication and testing are the best assurance to prepare for these threats. On both of these fronts, FIA hopes to be a resource for its members in staying ahead of the curve.