Poll: Banks' fears of cyberattacks grow

Banks are more worried than ever about cyberattacks.

A third of financial institutions list cyber risks as their primary concern in a survey out Thursday, and 84 percent call it a top-five concern. Those numbers have shot up since March, when only 59 percent listed cyberattacks as a top-five worry and 24 percent ranked it No. 1.

ADVERTISEMENT

Their tune has changed following major data breaches at Home Depot and JPMorgan, among other companies.

The Depository Trust & Clearing Corporation (DTCC) — a financial services advocate whose board includes officials from JPMorgan, Bank of America, Citigroup, Goldman Sachs and Morgan Stanley — conducted the survey in early October.

The results come after a week of back-and-forth between the finance sector and government over cybersecurity regulations. At the same time financial industry groups are issuing recommendations for new cyber rules, state and federal lawmakers are pressing regulators to tighten their cyber crime oversight.

New York’s banking supervisor, Benjamin Lawsky, this week asked financial organizations to delineate their monitoring practices for third-party-vendor cyber risks.

Lawsky is contemplating applying New York’s bitcoin cybersecurity standards to banks. Privacy groups have criticized the regulations.

The Treasury Department is also contemplating how it can boost the financial industry's cybersecurity defenses, The New York Times reported this week.

The financial sector must “share information about attackers’ activities” to shift “the model from individual institutions' static defenses to dynamic community responses,” said Mark Clancy, DTCC’s corporate information security officer. “This shift requires both the maturation of operational capabilities and public policy frameworks to be successful.”

The DTCC report notes “no comprehensive cybersecurity legislation has been passed by Congress and signed into law.”

The Senate is currently stalled in its discussions of a number of bills that would facilitate the sharing of cyber threat information among the private sector and various government agencies.