Cyber security tops DTCC risk barometer
US post-trade utility the DTCC is reporting that almost half of the respondents in its most recent Systemic Risk Barometer Study cited cyber security as their top concern, making it the single largest fear and doubling its rating compared to just 12 months ago.
Security incidents continue to cause concern across the financial markets and other key industry sectors, with specific respondent feedback citing the growth in the “frequency and sophistication of cyber attacks”. As a result, many market participants have increased their investment in technology to detect and prevent cyber threats, with the goal of ensuring “uninterrupted access to (threat) data.” At the same time, firms have increased hiring for cyber security roles and have provided greater training and educational opportunities across their organisations.
“Cyber security threats continue to grow each and every day, as attackers become more sophisticated,” said Mark Clancy, head of CISO technology risk management at the DTCC and chief executive at Soltra. “With cyber security identified as the industry’s top risk, it is critical that we develop and implement solutions that enable the timely sharing of data to prevent incidents as well as to promote faster incident detection and response.”
The call for cyber threat data sharing has been echoed by market participants, regulators and infrastructure providers alike, as firms seek to share information to prevent and respond to attacks more quickly. Most recently, the US House and Senate took proactive steps to confront the cyber security challenge and are working towards enactment of legislation to improve information sharing to protect critical infrastructure.
In addition to cyber security, respondents cited geo-political risk, local market policies, the impact of new regulations, and a global economic slowdown as additional areas of systemic risk. In fact, 73% of respondents indicated they have increased the amount of resources dedicated to identify, monitor and mitigate systemic risk, a continued trend.
“The industry remains committed to continuing to identify and respond to all types of risk that could create firm-level or systemic incidents,” said Mike Leibrock, chief systemic risk officer at the DTCC. “Market participants are not only concerned with the reputational damage that could be caused to their organisations, but also the reputational impact to the industry as a whole.”
Recent cyber crime incidents include the discovery earlier this year of an online gang using the Carbanak malware which stole up to $1 billion from banks in 30 countries around the world in a series of highly-sophisticated attacks over the last two years; and the events of February 2015, when a joint international operation by Europol’s European Cybercrime Centre seized servers said to have controlled the Ramnit botnet that had infected 3.2 million computers internationally.
[i] 24% of respondents cited cyber security as the number one threat in DTCC’s Systemic Risk Barometer Study, March 2014.