Markets In Action

Cybersecurity: Six Ways the Financial Industry is Already Leading the Way

The February 4 headline was just the latest version of one we’ve seen with alarming frequency: “Health Insurer Anthem Hit By Hackers.” The news that the insurance giant’s database had been hacked, exposing the personal information of some 80 million customers and employees, underscores the need for a heightened awareness of cybersecurity.

That’s why it’s good to see that the White House is hosting a Summit on Cybersecurity and Consumer Protection at Stanford University this week, where leaders from the worlds of government, industry, law enforcement, consumer advocacy and other fields will focus on strategies to bolster the nation’s cyber defenses.

Announced last month by President Obama in his 2015 State of the Union address, it’s the latest reflection of how cybersecurity has rapidly ascended to the top of the national agenda.

For the Securities Industry and Financial Markets Association (SIFMA) and our members, that recent national focus on cybersecurity is nothing new—it’s something we’ve been leading the way on for years.

Here are six ways in which the financial industry has already laid down the marker on improving cybersecurity policy:

  1. Hosting a cybersecurity conference: On February 4, SIFMA hosted a joint Cybersecurity Conference in New York in conjunction with the Financial Institutions Regulatory Authority (FINRA) to emphasize the need for industry and market preparedness. The conference was an important step in bringing together experts from the private and public sectors to focus on the need for improved risk management to protect financial institutions and their clients from cyber attacks. (Read SIFMA President and CEO Kenneth Bentsen’s opening remarks from the conference here).

  3. Crafting cybersecurity guidance for small firms: It’s estimated that 31 percent of cyberattacks target companies with fewer than 250 employees—perhaps because hackers may view smaller companies as more vulnerable. In response, last year SIFMA published the Small Firms Cybersecurity Guidance Handbook, detailing the steps that smaller firms can take to protect themselves and their customers from attack.

  5. Simulating cyber attack and response: In October 2013, SIFMA spearheaded “Quantum Dawn 2, a full-scale simulation of a systemic attack on the U.S. equities markets. The simulation included more than 500 participants from 50 different financial sector entities to test their response to cyberattacks and to coordinate with other companies and government agencies. By simulating how a cyberattack might play out, SIFMA and its partners sought to assess areas of risk, test and improve crisis response plans, and improve communication — all with the goal of building resiliency and blunting the potential impact of future incidents.

  7. Working with Congress to share perspectives and shape legislation: SIFMA has been on the front lines working with Congressional staff and testifying to committees on the need for enhanced information-sharing and improve coordination between the private and public sectors to counter cyber threats. As Congress takes a greater interest in cybersecurity, we’ll continue working to share the industry perspective on building a cyber policy that works for everyone.

  9. Providing industry input for regulators: With regulators taking a greater interest in the challenge of cybersecurity, it’s important to work from shared principles to ensure that the regulatory framework and industry standards work together to provide the most effective protection. SIFMA published in October “10 Principles for Effective Regulatory Guidance,” aimed at strengthening the cybersecurity partnership between government and industry.

  11. Promoting information-sharing partnerships: Recognizing the important obligation that the industry has to help strength cyber defenses, SIFMA is urging its members to join the Financial Services Information Sharing and Analysis Center (FS-ISAC), a financial sector initiative to improve communication and coordination on cybersecurity. SIFMA has even underwritten memberships in the FS-ISAC for more than 180 of our smaller member firms.

Those are just of the few of the ways SIFMA and our members in the financial industry have been focused on cybersecurity solutions in recent years. And there will be more to come as we focus on developing additional standards for firms of all sizes, based on the National Institute of Standards and Technology Cybersecurity Framework, and as we continue to advance industry education initiatives.

It is important to recognize that most attempted cyberattacks fail. But the few that do manage to succeed undermine confidence and can be costly for industry and customer alike. And as cybercriminals grow increasingly sophisticated, it’s important for the business community and government to work together to prevent attacks

The financial industry, along with the larger business community, welcomes the enhanced attention to cybersecurity policy from Washington. After a steady flow of media reports detailing how private companies, government agencies and other entities have been targeted for data breaches, it’s about time.