As cyber-threats against the financial sector become more frequent, complex and sophisticated, cross-industry coordination around response and recovery mechanisms is essential to mitigating the systemic consequences of a large-scale attack, according to a white paper published today by The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry, and Oliver Wyman, a leading global management consulting firm.
The white paper cites the need for additional work on specific cyber-scenarios, and the limited extent of industry-wide testing, as two key factors that could complicate the ability of banks and other financial institutions to react quickly to an attack.
The paper, which features extensive research and interviews with over 50 subject matter experts including financial services and non-financial services practitioners, recommends increased coordination across the industry, the development and implementation of standards to facilitate effective response and recovery and adherence to regulatory principles. Two key initiatives are suggested:
Developing a collective response and recovery plan, outlining key response and recovery requirements: The industry currently lacks standards around key considerations, including the definition of resumption and recovery; the criteria for safe resumption of operations; the appropriate timeframes for resumption and recovery; and plans for communicating with the public during a large-scale cyber-attack. The proposed initiative would identify collective actions to be taken upon the detection of a large-scale cyber-attack, based on a set of standardized criteria tailored to specific cyber-attack scenarios. The results would be captured in industry playbooks.
Establishing contingent service arrangements: Given the complexity and broad scope of large-scale cyber-attacks, no single entity has all the required capabilities to address every possible attack and vulnerability. Regardless of the level of preparedness, there may be situations where a critical provider is unable to fulfill its services for an extended period, creating the need for contingent service arrangements. This initiative would explore arrangements to enable firms to continue critical operations if they or a partner suffer an outage from a cyber-attack.
Commenting on the ever-growing threats to the industry, Andrew Gray, Chief Risk Officer at DTCC, stated, “An attack on one or more institutions or critical infrastructures could have a contagion effect across the financial system, especially as interconnectedness continues to grow. As a result, it is critically important that firms incorporate additional redundancies to ensure that the failure of any single institution can be contained and mitigated. To successfully achieve this, we must collectively prioritize resilience and recovery efforts across market participants, infrastructure providers, technology vendors and regulators.”
Commenting on the need for further coordination, Paul Mee, Partner, Digital and Financial Services, Cyber Platform Lead at Oliver Wyman, stated, “Mitigating the systemic consequences of the increasing threat of large-scale cyber-attacks on the financial system is a matter of national and international security. In what is arguably a global cyber arms race, it is clear that major players need to be prepared, connected and coordinated in order to effectively respond to and rapidly recover from a large-scale cyber-attack.”
To move these efforts forward, the paper suggests identifying initiative owners, key stakeholders and responsibilities, as well as further exploring specific objectives and implementation plans.