Cross-industry coordination around response and recovery mechanisms are essential to mitigating the systemic consequences of a large-scale cyberattack, according to a white paper published today by The Depository Trust & Clearing Corporation (DTCC).
DTCC, which released the paper on 20 March, said there “is a need for additional efforts around specific cyber-scenarios and limited industry-wide testing”.
These factors, it explained, were two key factors that “could complicate the ability of banks and other financial institutions to react quickly to an attack”.
The paper features research and interviews with comment from over 50 industry respondents from various financial services and non-financial services practitioners.
The respondents recommended increased coordination across the industry, the development and implementation of standards to facilitate effective response, and recovery and adherence to regulatory principles.
The development of a collective response and recovery plan, outlining key response and recovery requirements and the establishment of contingent service arrangements were among two key initiatives mentioned in the paper.
Andrew Gray, chief risk officer at DTCC, said: “An attack on one or more institutions or critical infrastructures could have a contagion effect across the financial system, especially as interconnectedness continues to grow. As a result, it is critically important that firms incorporate additional redundancies to ensure that the failure of any single institution can be contained and mitigated.”
He added: “To successfully achieve this, we must collectively prioritise resilience and recovery efforts across market participants, infrastructure providers, technology vendors and regulators.”
Paul Mee, partner and cyber platform lead of digital and financial services at Oliver Wyman, commented: “Mitigating the systemic consequences of the increasing threat of large-scale cyber-attacks on the financial system is matter of national and international security.”
He added: “In what is arguably a global cyber arms race, it is clear that major players need to be prepared, connected and coordinated in order to effectively respond to and rapidly recover from a large-scale cyberattack.”
.jpg)