QOMPLX chief executive officer Jason Crabtree wrote for Dark Reading about common-mode failures and systemic cyber risk within the financial services and banking industries. While COVID 19 has ravaged world economies, systemic cyber risk is growing and could threaten the stability of the broader financial system. Read Jason’s commentary: “Too Big to Cyber Fail?”
Failures and disruptions within the banking and financial services industries brought on by cyber attacks can have devastating trickle-down effects and could threaten the stability of the global financial system.
In a commentary published in Dark Reading, Qomplx CEO Jason Crabtree explains that while U.S. banks and financial services companies are technology leaders and early adopters, they’re not “too big to fail” in the event of a catastrophic cyber attack. Recent attacks against organizations such as Travelex and Finastra illustrate this point.
In his commentary, Crabtree prescribes three steps that banks, government regulators, and policymakers can take to better manage systemic cyber-related risks. Those include: better transparency, the use of cyber insurance, and assigning board-level responsibility for cyber risk management.
- Transparency: Despite competitive or national security concerns, organizations must be willing to share information about cybersecurity incidents. Crabtree explains how this disclosure is crucial to boards and regulators alike.
- Cyber Insurance: Affirmative cyber insurance is nascent and suffers from a lack of comprehensive incident reporting that would improve accountability for insureds and carriers. Crabtree explains: “since cyber risk can be widespread and systemic, mutualization schemes might also be considered, enabling risk-sharing in a public private partnership.”
- Board-Level Responsibility: Boards and enterprise executives need to enforce a standard of care related to cybersecurity and risk, and must entrust an entity such as the CISO with the authority to carry this out. Crabtree also explains how boards must do more to understand cyber-related risk and the liability it brings not only to financials, but the broader economy.
Finally, Crabtree advises that the banking and public sectors need to act sooner rather than later. The current COVID-19 pandemic demonstrates how biologic threats can disrupt the economy and every aspect of societies worldwide. A cyber-related incident—because of the systemic risk shared by banks and financial institutions—could bring similar catastrophic disruptions.