Cyber risk is the top-ranked overall risk to the global financial system, a new study released earlier this week found.
The Q3 study conducted by The Depository Trust & Clearing Corporation (DTCC), shows 22% of respondents cited cyber risk as the single biggest risk, and 56% of respondents ranked it as a top five risk to the global financial system. Cyber risk was also ranked as the No. 1 risk in a Q1 survey by DTCC.
Geopolitical risks, including the US presidential election outcome and Britain Exiting the EU (Brexit), also ranked in the top 5 risks.
Cybersecurity is not a new phenomenon to the list of concerns for the global financial system, says Michael Leibrock, chief systemic Risk Officer of DTCC. Respondents to previous DTCC surveys have listed cyber risk as a top risk since the launch of the first DTCC financial risks survey in 2013, says Leibrock.
"Cyber risk has evolved from something that happened on an infrequent basis to happening on a regular basis globally and is impacting the financial services in a real way," Leibrock says.
The potential for cyberattacks to affect internal data as well cause financial and reputational losses may impact the weight of this risk, he notes. "Cyber risk is ever-present and is likely to stay here for the future."
More eyes are on cybersecurity threats these days as the responsibility for security and risk management is delegated beyond those in traditional IT roles. "We've seen this natural evolution of cyber risk as an IT focused problem become a much broader business issue," says Stephen Scharf, chief security officer of DTCC.
The study also found that North American financial organzations are more concerned about cybersecurity than the rest of the world: 57% of North American respondents cited it as a top concern, compared to 46% of the rest of the world.
"It’s hard to know [why North Americans are more concerned with cyber risk than those in other parts of the world] without talking to all of the respondents," Leibrock says. "I just think that it could be a function of the some of the higher-profile incidents having happened in the US to North American companies. The European respondents are much more concerned about Brexit because it’s closer to home."
Dark Reading's all-day virtual event Nov. 15 offers an in-depth look at myths surrounding data defense and how to put business on a more effective security path.
Regulatory agencies are paying closer attention to cybersecurity, he notes: three weeks ago, the Federal Reserve Board, OCC, and FDIC issued a joint advance notice of proposed rulemaking that proposed a regulatory framework around the security function, specifically how the CISO office and governance must be outside the first layer of defense. But input from multiple agencies can lead to a lack of clarity around process, Scharf warns.
"We've seen a number of new regulatory things come out specifically around cyber, and while we are extremely happy to see the regulatory community focus on cyber, there's not necessarily harmony that exists," Scharf says. "Different entities say this is how you should be doing cyber, but all have different opinions on how this should be done. We're trying to encourage harmonization in guidance so there is consistency."