The Sony Pictures hack that came to light in late 2014, exposing sensitive corporate communications, disrupting the planned release of one of the studio’s films and causing significant destruction to its business systems, starkly illustrated the growing threat of cyberattacks.
It was only the latest in a line of cyberattacks that have put industry and consumers on high alert. Criminal hackers can target virtually any entity—government agencies, educational institutions, private companies, hospitals and others—to gain access to sensitive personal information and potentially do real harm.
Given how extensively we rely on information technology to manage our data and conduct business, it’s an alarming realization for all Americans.
That’s why the Securities Industry and Financial Markets Association (SIFMA) has led the way on behalf of the financial industry by developing a set of 10 principles for cybersecurity regulatory guidance that will provide regulators a framework for cybersecurity.
This month, President Obama weighed in, presenting his own proposals to protect against cyberattacks. In a January 12 speech at the Federal Trade Commission (FTC) in Washington, the president emphasized the need for heightened cybersecurity cooperation between the private sector and the government. He’s expected to build on this in his State of the Union Address on January 20.
“If we’re going to be connected, then we need to be protected,” the president said in his remarks at the FTC. “As Americans, we shouldn’t have to forfeit our basic privacy when we go online to do our business.”
The president’s proposals include:
- voluntary information sharing between the government and private industry, with special liability protections for companies that participate;
- new measures to protect against identity theft;
- tougher criminal penalties against the perpetrators of cyberattacks; and
- funding for training cybersecurity experts, and more.
A White House fact sheet provides additional details.
The administration’s engagement on this key issue is timely, given the mounting frequency and sophistication of cyberattacks. To be sure, industry experts note that most cyberattacks do not succeed in exposing personal information or breaching defenses. Yet, it takes only a small percentage of successful attacks to undermine public confidence and to raise costs for businesses.
Those costs can be particularly acute for financial firms, as a recent study by PricewaterhouseCoopers (PwC) suggests. According to the firm’s Global State of Information Security Survey for 2015, the number of detected threats to firms’ computer security has grown steadily in recent years. And the cost of those security incidents has also grown. The number of firms reporting losses of between $10 million and $20 million grew by 141 percent from 2013 to 2014, the survey found.
Against that backdrop, a bipartisan, partnership approach to cybersecurity that draws on the expertise of both government and private sector is essential, as the president noted.
That approach was welcomed by SIFMA President and CEO Kenneth Bentsen, who underscored the need for public-private partnership on cybersecurity. A collaborative approach is more likely to lead to cybersecurity solutions that will be more responsive to the changing nature of hacker threats.
“We commend the administration for their focus on this critically important issue and agree that a robust partnership between the private sector and government is the most effective way to mitigate cyber threats,” Bentsen said in a statement. “We have long encouraged Congress to pass cybersecurity legislation that strengthens our nation’s cyber defenses by codifying liability protections that promote enhanced information sharing between the industry and government while balancing the need for important privacy protections for individuals.
“The industry remains committed to doing everything it can to prepare for and defend against a cyber attack,” Bentsen concluded.
Of course, the president’s proposals are only a first step—they still need to be considered in Congress. Policymakers in both the executive and legislative branches should work to ensure that the eventual package reflects the principles SIFMA has proposed.
Perhaps most importantly, policymakers in a frequently gridlocked Washington must recognize that cybersecurity policy should transcend ideology and partisan differences.
“Liberal, conservative, Democrat, Republican, everybody is online, and everybody understands the risks and vulnerabilities as well as opportunities that are presented by this new world,” Obama said in his January 12 speech. “Business leaders want their privacy and their children’s privacy protected, just like everybody else does. Consumer and privacy advocates also want to make sure that America keeps leading the world in technology and innovation and apps. So there are some basic, common sense, pragmatic steps that we ought to all be able to support.”
The president deserves credit for elevating the issue of cybersecurity as a priority on the national agenda. SIFMA looks forward to working with Congress and the administration to make these new standards a reality.