A new report from the US Financial Stability Oversight Council (FSOC) warns financial services providers (and by implication, those that use them) that cybersecurity threats are the biggest challenge currently confronting the industry. Not surprisingly, the government agency calls for more government actions to address them.
“Financial institutions continue to invest in technology to increase efficiency and improve their services,” FSOC said in its newly released annual report for 2017. “However, greater reliance on technology, particularly across a broader array of interconnected platforms, increases the risk that a cyber incident will have severe negative consequences for financial institutions. If severe enough, a cybersecurity failure could have systemic implications for the financial sector and the US economy more broadly.”
The agency said a deep understanding of the operations, complexities, and interdependencies of the financial services industry is required to properly recognize cybersecurity risks and the systemic implications of potential cybersecurity failures. “The fact that the sector is overwhelmingly owned and operated by the private sector makes the need for a close partnership between government and industry important to better understand these risks,” it added. “Such a partnership helps maintain the integrity of US financial markets and the health of the US economy.”
FSOC also emphasized the importance of maintaining sustained senior executive attention on cybersecurity risks and their potential for broader, systemic problems. “To bolster understanding of these risks and improve cybersecurity resilience, the council supports the creation of a private sector council of senior executives that would focus specifically on ways that cyber incidents could impact business operations and market functioning and liaise with principal-level government counterparts on cybersecurity issues,” it said.
This body could help identify specific vulnerabilities in the ability of the financial services industry to provide critical products and services, as well as propose standards for cybersecurity and operational resilience.