(Pictured: Michael Leibrock)
Cyber risk has now swamped new regulatory hurdles and the possibility of another US recession as the greatest risk facing global financial institutions, according to the latest risk survey by DTCC, the industry-owned post-trade financial infrastructure company.
In the wake of several recent high-profile cyber attacks on major sectors of the global economy, starting with a well-publicised one on JP Morgan in New York, cyber security now ranks as the principal concern of the financial services industry.
In response to the heightened concerns from its customers, which include most of the world’s big financial institutions, DTCC (Depository Trust & Clearing Corporation) has produced a white paper, Cyber-Risk: A Global Systemic Threat. The paper finds that despite progress in this area in recent years, information sharing remains insufficiently coordinated.
The company’s latest survey, published last week, showed a record 84 per cent of respondents identified cyber-risk as one of their top five concerns – an increase of 25 points since the last survey was conducted in March 2014. Furthermore, 33 per cent ranked cyber-attacks as the number one systemic risk to the broader economy, up from 24 per cent from March 2014.
Michael Leibrock, DTCC’s ‘chief systemic risk officer’, said: “Building information partnerships among key stakeholders is critical to developing the most comprehensive and effective tools for promoting cyber-security across the financial system and in our critical infrastructures… The best way to achieve these alliances is through a truly coordinated and open approach across industries and national borders. With concerns about the potential wide-spread impact of cyber-threats growing rapidly given the recent high-profile cyber attacks, our white paper provides a solid platform for greater discussion around this very real risk.”
The white paper provides global policy makers and the financial community with a number of recommendations to strengthen resiliency from cyber-risks. As a top priority, the paper calls for the creation of global industry working groups to engage with relevant national regulators on the development of cyber-security regulations that address the real-time and evolving nature of cyber-threats. In addition, the paper cites the need for those charged with developing strategies for cyber-security to shift the focus of programs from ‘check the box’ security to actively hunting threats.
Other discussion points include:
> The need for organisations to develop, execute and enhance institutional cyber-resilience to protect core business functions.
> A global overview of public policy initiatives designed to safeguard critical infrastructure, protect national security and ensure data privacy.
> Recommendations for addressing future cyber-threats drawing on best practices and lessons learned by cyber-defenders.