Consisting of six easy-to-use one-page guides and checklists that provide senior management with actionable measures to improve their organization’s cyber security, the tool box exists in seven languages and is based on existing frameworks, policies, and standards from around the globe.

“The guides are designed to be practical, actionable, and easy-to-use to maximize their benefit and impact on financial institutions’ cyber resilience”, according to Tim Maurer, Co-director of Carnegie’s Cyber Policy Initiative. “When used properly, these tools will prevent dangerous hacks to financial systems across the world.”

Karel De Kneef, Chief Security Officer, SWIFT said: “A global and collaborative approach to the cyber threat is absolutely key, which is why the development of this tool box marks a major step forward. Cyber security is the number one priority for SWIFT and its community of over 11,000 customers, and we aim to remain at the forefront of threat intelligence sharing and best practice initiatives such as these.”

“The concise cybersecurity toolkit of Carnegie is an efficient and effective way of checking a firm’s compliance with prevalent good practice and internationally accepted information security standards,” according to Frank Adelman, cyber risk expert at the International Monetary Fund.

Cheri McGuire, Chief Information Security Officer, Standard Chartered highlights, “Created using the collective experiences from leading cyber security practitioners, these guides are practical tools for senior executives managing cyber security risk and will help improve the cyber resilience of firms of all sizes across the global financial sector.”

“To effectively manage today’s evolving threat landscape, organizations must be agile and constantly adapt their cybersecurity program. This tool box will support these efforts in protecting the financial sector by sharing best practices in three critical areas: intelligence, resiliency and prevention. The guides are particularly beneficial for institutions that are actively building out their cybersecurity governance and operational programs,” noted Steven Silberstein, CEO of FS-ISAC.

“The work done by CEIP to help financial institutions better address cybersecurity is spot-on. Its multi-pronged approach to help banks and others implement industry best practices is easy to understand and will be of great value to thousands of small institutions. GCA congratulates CEIP on this initiative," said Philip Reitinger, Global Cyber Alliance President & CEO.

“The Toolkit is an accessible way for financial institutions to improve their resiliency and be more agile in the face of growing cyber threats around the globe. The Cyber Readiness Institute is pleased to partner with Carnegie on this important effort and looks forward to continued collaboration as our organizations work together to help companies of all sizes become more cyber ready," added Kiersten Todt, Managing Director of the Cyber Readiness Institute.

The toolkit is the result of a year of work and engagement with experts in government and industry ranging from central banks to cybersecurity agencies and international bodies including the International Monetary Fund, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and SWIFT.

The Tool Box contains: (1) Board-Level Guide: Cybersecurity Leadership; (2) CEO-Level Guide: Cybersecurity Leadership; (3) CISO-Level Guide: Protecting Your Organization; (4) CISO-Level Guide: Protecting Your Customers; (5) CISO-Level Guide: Protecting Connections to Third Parties; and (6) Incident Response Guide - each accompanied by a checklist and a supplementary report detailing the various standards and policies that informed the development of the tool box.

The Tool Box is freely available on the Carnegie Endowment website. In addition to English, the guides and checklists are available in Arabic, Dutch, Spanish, French, Portuguese and Russian.

To help disseminate the tool box, the Carnegie Endowment is partnering with several leading institutions in the field. Working with their clients and members around the world, the multilingual took box is designed to help improve the cyber resilience of the global financial system and the cyber hygiene of financial institutions and their customers alike.