Testifying before the US House of Representatives committee on financial services subcommittee hearing on data security, Bentsen said: “There is likely no greater threat to financial stability than a large-scale cyber event.”
The financial services industry, in particular, is a top target, facing tens of thousands of attacks every day, he said, adding that an attack on the industry could have serious ramifications.
He said: “While data breaches of customer information dominate headlines, and are an appropriate concern for policymakers, a major cyberattack on critical financial market infrastructure or one that destroys records and financial data, is a risk with a potentially far larger impact on the economy.”
Improving harmonisation of regulatory standards and supervision could play a large part in tackling this risk. The emergence of several different regulatory regimes has meant industry resources have been diverted towards compliance, rather than to security itself.
Collaboration between industry players and regulators is key here, Bentsen said.
“It is important to recognise that no single actor—not the federal government, nor any individual firm—has the resources to protect markets from these threats on their own.”
“It is critical that we establish a robust partnership between industry and government to mitigate cyber threats and their impact. The industry’s resiliency will not be fully effective without the government’s help, and vice versa.”
He highlighted the importance of stringent data protection and raised concerns about the Consolidated Audit Trail (CAT) of the Securities and Exchange Commission and the self-regulatory organisations (SROs), suggesting that the latest CAT technical specifications have included “alarmingly few details on data security and protection”.
Finally, Bentsen stressed that SIFMA is working closely with the securities industry on developing best practices for cybersecurity, and noted that security is a “combination of activities that relies on strong defences, information sharing, mitigation and recovery planning”.
He said: “The securities industry is constantly working to improve cyber defenses, resiliency and recovery through massive monetary investment in technology and personnel, regular training, industry exercises, and close coordination between the financial sector and the government, including our regulators.”