Today’s Wall Street Journal article “A Call to Arms for Banks” highlights growing regulatory concern and action related to financial systems cybersecurity.
This week has seen a flurry of new activity in the sector, including the announcement of a cyber attack exercise dubbed “Quantum Dawn 2”. The simulation, managed by the Securities Industry Financial Management Association (SIFMA), is supposed to replicate a large, coordinated cyber attack to test the industry’s response. This is not dissimilar to the Cyber Storm & Cyber Storm II exercises staged by the Department of Homeland Security in prior years.
The US Treasury has continued hosting classified and non-classified briefings with large banking institutions to discuss the potential for continued attack activity on the industry. During a June 12th web conference, the Office of the Comptroller of the Currency (OCC) released a statement “warning that cyber attacks are on the rise—particularly among small banks—as the number of potential targets expands.”…
The OCC also stated that “cyber attacks overall, including on banks, increased 42% in 2012, ranging from malicious software or phishing attacks, to well-publicized denial-of-service attacks.” quoted “the largest growth in attacks was with businesses that had fewer than 250 employees.”
The Global Association of Risk Professionals commented that “OCC officials stressed that bank boards and management will be held responsible for sufficient cybersecurity policies and practices and that those must be monitored and adjusted periodically to deal with evolving threats.”
This is a clear precursor to the definition of additional regulatory controls, many of which will trickle down as risk management evidence requests. As additional guidelines are issued, regulated banks will need support throughout interpretation, security investment and implementation, and management.