Operations
11/9/2016
03:20 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

DTCC Survey: Cyber Threat Ranked #1 Risk To Global Financial System

Despite geopolitical uncertainties, cyber threats are the financial industry's biggest worry, new data shows.

Cyber risk is the top-ranked overall risk to the global financial system, a new study released earlier this week found. 

The Q3 study conducted by The Depository Trust & Clearing Corporation (DTCC), shows 22% of respondents cited cyber risk as the single biggest risk, and 56% of respondents ranked it as a top five risk to the global financial system. Cyber risk was also ranked as the No. 1 risk in a Q1 survey by DTCC. 

Geopolitical risks, including the US presidential election outcome and Britain Exiting the EU (Brexit), also ranked in the  top 5 risks.   

Cybersecurity is not a new phenomenon to the list of concerns for the global financial system, says Michael Leibrock, chief systemic Risk Officer of DTCC. Respondents to previous DTCC surveys have listed cyber risk as a top risk since the launch of the first DTCC financial risks survey in 2013, says Leibrock. 

"Cyber risk has evolved from something that happened on an infrequent basis to happening on a regular basis globally and is impacting the financial services in a real way," Leibrock says.

The potential for cyberattacks to affect internal data as well cause financial and reputational losses may impact the weight of this risk, he notes. "Cyber risk is ever-present and is likely to stay here for the future." 

More eyes are on cybersecurity threats these days as the responsibility for security and risk management is delegated beyond those in traditional IT roles. "We've seen this natural evolution of cyber risk as an IT focused problem become a much broader business issue," says Stephen Scharf, chief security officer of DTCC. 

The study also found that North American financial organzations are more concerned about cybersecurity than the rest of the world: 57% of North American respondents cited it as a top concern, compared to 46% of the rest of the world. 

"It’s hard to know [why North Americans are more concerned with cyber risk than those in other parts of the world] without talking to all of the respondents," Leibrock says. "I just think that it could be a function of the some of the higher-profile incidents having happened in the US to North American companies. The European respondents are much more concerned about Brexit because it’s closer to home."

Dark Reading's all-day virtual event Nov. 15 offers an in-depth look at myths surrounding data defense and how to put business on a more effective security path. 

Regulatory agencies are paying closer attention to cybersecurity, he notes: three weeks ago, the Federal Reserve Board, OCC, and FDIC issued a joint advance notice of proposed rulemaking that proposed a regulatory framework around the security function, specifically how the CISO office and governance must be outside the first layer of defense. But input from multiple agencies can lead to a lack of clarity around process, Scharf warns.

"We've seen a number of new regulatory things come out specifically around cyber, and while we are extremely happy to see the regulatory community focus on cyber, there's not necessarily harmony that exists," Scharf says. "Different entities say this is how you should be doing cyber, but all have different opinions on how this should be done. We're trying to encourage harmonization in guidance so there is consistency."

Related Content:

Emily Johnson is the digital content editor for InformationWeek. Prior to this role, Emily worked within UBM America's technology group as an associate editor on their content marketing team. Emily started her career at UBM in 2011 and spent four and a half years in content ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Diane C.B130
50%
50%
Diane C.B130,
User Rank: Apprentice
6/22/2017 | 2:53:02 PM
Pending Review
This comment is waiting for review by our moderators.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
The Dark Reading Security Spending Survey
The Dark Reading Security Spending Survey
Enterprises are spending an unprecedented amount of money on IT security where does it all go? In this survey, Dark Reading polled senior IT management on security budgets and spending plans, and their priorities for the coming year. Download the report and find out what they had to say.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.