The threat of cyber-attacks is prompting renewed vigilance by financial institutions, which must face with an escalating number of potential attacks at a time of constrained IT budgets.
“This is a theme that we are very concerned about, not just at DTCC but for the industry-at-large because not only are the types of cyber-threats becoming more sophisticated, but the volume of threats is growing,” said Michael Leibrock, managing director and chief systemic risk officer at Depository Trust & Clearing Corp. “Firms have had to ramp up their efforts dramatically in recent years, and some of these efforts were not necessarily part of their original, budgeted strategies, so it's becoming extremely cost-prohibitive for the financial sector to defend against these types of attacks.”
The tools and skills required to launch an attack are often well within the reach of individuals or groups bent on causing havoc within the financial systems, which puts most institutions at a disadvantage.
“It’s not a level playing field because a lot of cyber-attacks can be launched very inexpensively by a couple of people somewhere on a laptop, and it could impact the entire financial institution," Leibrock told Markets Media. "So the firm’s defense against the attack is much more costly than it is to launch the attack.”
Almost half of the respondents (46%) in DTCC’s most recent Systemic Risk Barometer Study cited cybersecurity as their top concern and 80% of respondents rated it as a top-5 risk. The survey was completed in Q1 2015, with responses from more than 250 market participants including DTCC clients and other key stakeholders. The survey is conducted twice per year, with feedback requested across market segments including investment managers, banks and broker-dealers.
Michael Leibrock, DTCC
“It allows us to take a pulse of the industry at large in terms of what firms and other constituents see as the biggest threat, so it's not just what DTCC's systemic risk team sees as crucial issues but also what does the industry-at-large see,” Leibrock said. “It helps inform our areas of focus within the company and in addition it helps inform our engagement with the industry.”
DTCC and the Financial Services Information Sharing and Analysis Center recently launched Soltra to facilitate sharing of information on cyber-attacks among critical infrastructure companies in real time.
“It's an information sharing group that is free to join and is open to any U.S. financial institution or regulatory body,” Leibrock said. “It's about sharing cyber-attack information in a near real-time basis so that firms find out almost immediately what was the nature of the most recent cyber-attacks so that other firms can put up their defenses and adjust their defenses accordingly.”
“Cybersecurity threats continue to grow each and every day, as attackers become more sophisticated,” said Mark Clancy, managing director, CISO technology risk management, DTCC and CEO, Soltra, said in the release. “With cybersecurity identified as the industry’s top risk, it is critical that we develop and implement solutions that enable the timely sharing of data to prevent incidents as well as to promote faster incident detection and response.”
Many market participants have increased their investment in technology to detect and prevent cyber threats, with the goal of ensuring uninterrupted access to threat data. At the same time, firms have increased hiring for cybersecurity roles and have provided greater training and educational opportunities across their organizations.
The call for cyber threat data sharing has been echoed by market participants, regulators and infrastructure providers alike, as firms seek to share information to prevent and respond to attacks more quickly. Most recently, the U.S. House and Senate took proactive steps to confront the cyber security challenge and are working towards enactment of legislation to improve information sharing to protect critical infrastructure.
Featured image by /Dollar Photo Club
