Cyber-security top issue for systemic risk says DTCC
Greater information sharing and closer collaboration between the public and private sectors are needed to combat cyber-attacks, which are now the principal concern of the financial services industry, according to the DTCC.
A top priority should be the creation of global industry working groups to engage with national regulators on the development of cyber-security regulations that address the real-time and evolving nature of cyber-threats.
A record 84% of respondents in DTCC’s Systemic Risk Barometer identified cyber-risk as one of their top five concerns – an increase of 25 points since the last survey in March 2014. Furthermore, 33% ranked cyber-attacks as the number one systemic risk to the broader economy, up from 24% from March.
Despite progress in recent years, information sharing “remains insufficiently coordinated”, concludes the DTCC, which has published a white paper on the topic: Cyber-Risk: A Global Systemic Threat.
“Building information partnerships among key stakeholders is critical to developing the most comprehensive and effective tools for promoting cyber-security across the financial system and in our critical infrastructures,” said Michael Leibrock, DTCC chief systemic risk officer. “The best way to achieve these alliances is through a truly coordinated and open approach across industries and national borders. With concerns about the potential wide-spread impact of cyber-threats growing rapidly given the recent high-profile cyber-attacks, our white paper provides a solid platform for greater discussion around this very real risk.”
As well as recommending the creation of working groups, the paper says there is a need for “those charged with developing strategies for cyber-security to shift the focus of programmes from ‘check the box’ security to actively hunting threats”.
“No institution – large or small, public or private – is immune to a potential cyber-attack,” said Mark Clancy, DTCC corporate information security officer and CEO of Soltra. “All of us need to become agile in response to these rapidly evolving threats by being able to share information about attackers’ activities between multiple stakeholders and shifting the model from individual institution’s static defences to dynamic community responses. This shift requires both the maturation of operational capabilities and public policy frameworks to be successful.”
Other topics covered in the paper include:
- The need for organisations to develop, execute and enhance institutional cyber-resilience to protect core business functions.
- A global overview of public policy initiatives designed to safeguard critical infrastructure, protect national security and ensure data privacy.
- Recommendations for addressing future cyber-threats drawing on best practices and lessons learned by cyber-defenders.
The DTCC Systemic Risk Barometer is an on-going survey that monitors emerging trends on significant risks that affect the safety, resiliency and stability of the global financial system. The Barometer reflects feedback provided by a wide variety of respondents, including DTCC clients, as well as financial industry professionals from regulatory bodies, academia and research organisations worldwide.
In addition to the findings on cyber-risk, the survey’s other key findings include:
- 64% of respondents also cite the impact of new regulation as a top five concern
- 62% of respondents identified geopolitical risk as a top five concern
- 37% of respondents said that the probability of a high-impact event in the global financial system has increased during the past six months – up 16 points since March 2014.
- In line with these results, 76% of all respondents indicated they have increased the amount of resources dedicated to identifying, monitoring and mitigating systemic risks over the past year.