The Institute of International Finance (IIF), an industry trade group, issued a new staff paper Thursday that analyzes the relationship between cyber attacks and the financial services sector, and details the measures being taken to guard against the threat. The paper suggests more could be done.
Among other things, the IIF calls for greater collaboration between the industry and regulators on effective cybersecurity practices. It also advocates removing impediments to sharing information across the financial system.
The report notes that: “It is especially important to develop and promote a globally accepted cyber-related regulatory landscape that help address the increasing concern of the observed regulatory fragmentation that stems from different jurisdictions issuing cyber-related regulations that are not consistent or even conflict with each other.”
The IIF also calls for greater efforts to thwart possible global attacks. “Vulnerabilities of the system should be addressed as soon as possible, and it takes deep and constant communication among all parties to accelerate that work as much as possible. Where there are regulatory hurdles to information sharing, these should be addressed and platforms should be created that can help remove the limitations on data sharing,” the report says.
Law enforcement could be given additional tools to help stop attacks and minimize damage, the paper notes. “For example, there could be closer international agreements to expedite extradition of hackers, impose penalties on non-co-operative countries or cyber-havens. There could also be measures in place to avoid crashes or contagion effects, etc. Better co-ordinated enforcement would disrupt the cost-benefit that encourages profit-seeking cyber-criminals, therefore reducing the likelihood of attacks,” it says.
“Cyber-resilience of the financial system must be approached holistically considering all the actors involved, using the many technical and legal tools available, developing new ones if needed, and always seeking international co-operation and promoting harmonization,” the paper concludes. “Cyber attacks do not stop at the border, and neither should the efforts aimed at responding to them.”