New York: New York’s top banking regulator will meet with the chief executives of several financial institutions to discuss their ability to withstand and prepare for cyber threats in the wake of JPMorgan Chase’s data breach.
“We’re reaching out to our regulated entities and trying to have high-level conversations not about this hack quite frankly because it’s one of many. This is a chance to re-emphasise and remind everyone that this isn’t just an issue that should be on a list of problems and things to worry about and work on,” said Benjamin Lawsky, the superintendent for New York’s Department of Financial Services.
“The cyber threat has to become urgent, one of the most important issues facing financial sector chief executives. It’s got to be at the chief executive level. It is not an IT problem. It is a bank problem,” he added.
Last Thursday JPMorgan, the biggest US bank by assets, said the names, addresses, telephone numbers and emails of 76 million households had been compromised by a cyber attack.
The bank also said there was “no evidence” that account information or social security numbers were accessed. People familiar with the matter said that the attack eminated from Russia.
The data breach is one of the largest as measured by customers affected and is serving as a warning shot for financial institutions about the threats to their systems.
Banks are targeted almost daily, according to security experts, because of the breadth of information they hold, such as takeover negotiations, and their importance to the capital markets and financial system.
Four years ago Nasdaq suffered a breach but the attackers did not penetrate deeply into the systems. Since then, security experts and law enforcement officials, say the threat has grown.
“The question we need to all ask as regulators is should we be considering the cyber threat as something as fundamental to institutions as capital levels. I’m not saying yet that they’re equal but we should probably start discussing them in the same breath,” Lawsky said.
DFS does not regulate JPMorgan, since it is a nationally chartered bank, but he said his staff were briefed on the breach last week.
Intelligence and law enforcement officials have for years warned the financial sector and energy industry to be prepared for cyber attacks. FBI officials meet with the financial industry frequently and in recent years have also met with law firms, which house sensitive information for a range of clients.
The Securities and Exchange Commission has issued guidance to companies that have been attacked. Both the SEC and DFS are implementing specialised cyber preparedness examinations of the companies they regulate.
Lawsky said in 2015 cyber security would be a top priority for DFS, which regulates banks and insurance companies. A survey by DFS of large and small financial institutions in May found that most had experienced a cyber attack over the past three years.
Specifically, Lawsky is also hoping to encourage the industry to take more proactive steps in protecting themselves. One way to do it, he believes, is by encouraging the growth of cyber insurance, which to date has largely been capped policies. Lawsky has likened it to the role that fire insurance played in improving building codes.
— Financial Times