Financial Crime World

Strengthening Cyber Resilience in the Financial Sector

The increasing threat of cyber attacks poses a significant risk to the stability and trust of the global financial system. It is essential for governments, central banks, supervisors, industry, and other stakeholders to work together to strengthen cyber resilience in the financial sector.

Recommendations for Strengthening Cyber Resilience

Develop a Basic Framework for Supervising Cyber Risk Management

  • The Financial Stability Board (FSB) should develop a framework for supervising cyber risk management at financial institutions.
  • This framework should provide clear guidelines and standards for managing cyber risks, including incident response plans and regular security assessments.

Strengthen Security through Information Sharing and CERTs

  • Governments and industry should strengthen security by sharing information on threats and creating financial computer emergency response teams (CERTs), modeled on Israel’s FinCERT.
  • CERTs can provide a centralized hub for sharing threat intelligence, coordinating incident responses, and providing guidance on best practices.

Increase Resilience Against Data and Algorithm Attacks

  • Financial authorities should prioritize increasing the financial sector’s resilience against attacks targeting data and algorithms, including secure encrypted data vaulting and regular exercises to simulate cyberattacks.
  • This includes implementing robust access controls, encryption, and intrusion detection systems to protect sensitive data and systems.

Reinforce International Norms

  • Governments should make clear how they will apply international law to cyberspace and strengthen norms to protect the integrity of the financial system.
  • This includes promoting responsible state behavior in cyberspace and encouraging other countries to adopt similar standards.

Establish Entities to Assist in Assessing Threats and Coordinating Responses

  • Governments can support these efforts by establishing entities to assist in assessing threats and coordinating responses, including intelligence gathering and sharing.
  • These entities can provide a centralized platform for collecting and analyzing threat intelligence, identifying patterns and trends, and developing effective response strategies.

Building Capacity in Cybersecurity

Training and Hiring Talented People

  • Elevated unemployment due to the pandemic provides an opportunity for training and hiring talented people to strengthen the cybersecurity workforce.
  • Governments, industry, and educational institutions should invest in programs that provide hands-on training and certification in cybersecurity skills.

Creating International Mechanisms

  • G20 governments and central banks could create an international mechanism to build cybersecurity capacity for the financial sector, with an international agency such as the IMF designated to coordinate the effort.
  • This mechanism can facilitate knowledge sharing, best practices, and capacity building initiatives across countries and regions.

Making Cybersecurity Capacity Building an Element of Development Assistance Packages

  • The Organisation for Economic Co-operation and Development and international financial institutions should make cybersecurity capacity building an element of development assistance packages and significantly increase assistance to countries in need.
  • This can help build the capacity of developing countries to respond to cyber threats, protect their critical infrastructure, and promote economic growth.

Conclusion

A comprehensive strategy, such as the one outlined above, is necessary to address the urgent challenge of cyber resilience in the financial sector. By working together, governments, central banks, supervisors, industry, and other stakeholders can build a more resilient and secure global financial system that protects the integrity of financial transactions and promotes economic stability.