03:20 PM
Connect Directly

DTCC Survey: Cyber Threat Ranked #1 Risk To Global Financial System

Despite geopolitical uncertainties, cyber threats are the financial industry's biggest worry, new data shows.

Cyber risk is the top-ranked overall risk to the global financial system, a new study released earlier this week found. 

The Q3 study conducted by The Depository Trust & Clearing Corporation (DTCC), shows 22% of respondents cited cyber risk as the single biggest risk, and 56% of respondents ranked it as a top five risk to the global financial system. Cyber risk was also ranked as the No. 1 risk in a Q1 survey by DTCC. 

Geopolitical risks, including the US presidential election outcome and Britain Exiting the EU (Brexit), also ranked in the  top 5 risks.   

Cybersecurity is not a new phenomenon to the list of concerns for the global financial system, says Michael Leibrock, chief systemic Risk Officer of DTCC. Respondents to previous DTCC surveys have listed cyber risk as a top risk since the launch of the first DTCC financial risks survey in 2013, says Leibrock. 

"Cyber risk has evolved from something that happened on an infrequent basis to happening on a regular basis globally and is impacting the financial services in a real way," Leibrock says.

The potential for cyberattacks to affect internal data as well cause financial and reputational losses may impact the weight of this risk, he notes. "Cyber risk is ever-present and is likely to stay here for the future." 

More eyes are on cybersecurity threats these days as the responsibility for security and risk management is delegated beyond those in traditional IT roles. "We've seen this natural evolution of cyber risk as an IT focused problem become a much broader business issue," says Stephen Scharf, chief security officer of DTCC. 

The study also found that North American financial organzations are more concerned about cybersecurity than the rest of the world: 57% of North American respondents cited it as a top concern, compared to 46% of the rest of the world. 

"It’s hard to know [why North Americans are more concerned with cyber risk than those in other parts of the world] without talking to all of the respondents," Leibrock says. "I just think that it could be a function of the some of the higher-profile incidents having happened in the US to North American companies. The European respondents are much more concerned about Brexit because it’s closer to home."

Dark Reading's all-day virtual event Nov. 15 offers an in-depth look at myths surrounding data defense and how to put business on a more effective security path. 

Regulatory agencies are paying closer attention to cybersecurity, he notes: three weeks ago, the Federal Reserve Board, OCC, and FDIC issued a joint advance notice of proposed rulemaking that proposed a regulatory framework around the security function, specifically how the CISO office and governance must be outside the first layer of defense. But input from multiple agencies can lead to a lack of clarity around process, Scharf warns.

"We've seen a number of new regulatory things come out specifically around cyber, and while we are extremely happy to see the regulatory community focus on cyber, there's not necessarily harmony that exists," Scharf says. "Different entities say this is how you should be doing cyber, but all have different opinions on how this should be done. We're trying to encourage harmonization in guidance so there is consistency."

Related Content:

Emily Johnson is the digital content editor for InformationWeek. Prior to this role, Emily worked within UBM America's technology group as an associate editor on their content marketing team. Emily started her career at UBM in 2011 and spent four and a half years in content ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.