Governmental Entities Bringing Financial Cybersecurity to Center Stage
Credit to Author: Bill Hogan| Date: Mon, 05 Jun 2017 08:20:49 -0700
By now, it’s no secret that cybercriminals have targeted, and continue to target, the financial services industry with advanced attacks that are designed to steal or otherwise jeopardize valuable data. As a result, many organizations have taken at least some initial steps to better secure their networks and the information that lives within them.
In fact, according to Duff & Phelps’ “Global Regulatory Outlook,” 86 percent of professionals in the financial services industry say their companies have plans to put more time and resources into cybersecurity in the coming year.
The truth is, financial services organizations aren’t alone when it comes to taking cybersecurity very seriously. Governments and other regulatory organizations have also put financial services cybersecurity in the spotlight over the past year.
Let’s take a closer look at a few of these instances.
Financial Services Cybersecurity Governmental Action on the State Level
On March 1, 2017, the New York State Department of Financial Services (DFS) started requiring banks and insurers across the state to meet minimum cybersecurity standards and to report any breaches that they experience. The rule also calls on organizations to designate a CISO who has the ability to govern cybersecurity policy and structure. Additionally, organizations’ security technologies must include threat detection and response capabilities, and they are also encouraged to scrutinize the policies that third-party vendors have in place. According to the order, “this regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities.”
Shortly after the requirements were instituted in New York, Colorado took action of its own. The Colorado Department of Regulatory Agencies has proposed new amendments to the Securities Act that would be similar in nature to the requirements in New York. If the amendments are adopted, entities would have to conduct annual cybersecurity risk assessments and implement a number of procedures designed to address encryption, authentication and more.
Financial Services Cybersecurity Governmental Action on the National Level
While there are many risks that face the American financial system, cybersecurity currently sits at the top of the list. This is according to remarks made by the chair of the U.S. Securities and Exchange Commission (SEC (News – Alert)) in May of 2016. Cybersecurity was put at the top of the list following an investigation finding that many large financial institutions lacked defenses that matched the sophistication of the threats they’re faced with.
The SEC isn’t the only national entity bringing cybersecurity to the forefront. The National Association of Insurance Commissioners (NAIC) is working on an Insurance Data Security Model Law that is aiming to establish a set of data security standards, and is pushing for investigations and notifications of security breaches of data to insurance providers.
Financial Services Cybersecurity Governmental Action on the Global Level
In addition to action on the state and national levels across the United States, cybersecurity for financial services has taken its spot on the world stage as well. G7 finance ministers and central bankers agreed on a set of cybersecurity guidelines that encourage nations to monitor their own cybersecurity readiness as well as that of the companies they regulate. Additionally, they call on nations to ensure public and private institutions are continually updating their cybersecurity defenses.
According to the authors of the guidelines, “Increasing in sophistication, frequency and persistence, cyber risks are growing more dangerous and diverse, threatening to disrupt our interconnected global financial systems and the institutions that operate and support those systems.”
Final Thoughts
Each of these examples is laying the groundwork for stricter governmental standards and regulations, around both the country and the globe. Financial services organizations should take the appropriate steps necessary to ramp up security efforts and stay in compliance as threats to the industry continuously evolve.
This byline originally appeared in Financial Tech Spotlight.