'Clear and present danger' of cyber crime requires cooperative response
LONDON — Organizations in the financial and professional services sectors must collaborate to help fight cyber risks, according to a panel of experts gathered in London on Tuesday.
“Cyber crime is a clear and present danger,” John McFarlane, chairman of Barclays P.L.C. and chairman of TheCityUK, told attendees at the launch of a cyber report produced by TheCityUK and Marsh Ltd.
Cyber threat is a shared issue, and companies within the financial services and related professional services sector — which TheCityUK represents — must work together to share information to help combat the risks, Mr. McFarlane said.
The report, “Cyber and the City: Making the U.K. Financial and Professional Services Sector More Resilient to Cyber Attack,” published Tuesday, contains recommendations for individual firms and for the financial and professional services sector as a whole to help minimize cyber risks.
It recommends that individual companies make cyber risk a standing issue on the board or risk committee agenda; ensure cyber risk is part of strategy, investment cases, acquisitions and appraisals; have a broad-based team with input into cyber risk management; and monitor cyber readiness against a 10-point checklist for boards.
That board checklist advises company boards to ensure that cyber threats have been identified and sized, that supplier, customer, employee and infrastructure risks are being managed, and that cyber insights are being shared and gained from peers, among other recommendations.
The financial and professional services sector is advised to set up an industrywide cyber forum; set an agenda for that forum focused on systemic cyber risk reduction; make the case to the government for cyber investment to be offset against industry-specific taxes; and encourage the adoption of cyber standards in lending, underwriting and investment decisions.
Companies must have “diligent risk governance” and have a plan for how to respond when an attack occurs, said Sir Iain Lobban, former head of the U.K. government communication headquarters, GCHQ.
“The risk is morphing,” he said, and is no longer simply about financial gain but now is also fueled by the desire of some cyber criminals to cause disruption and denial.
“You need to show curiosity around this issue; there is learning to be done,” he said.
Collaboration is very important, Mr. Lobban added.
“This is not a competitive issue — we need partnership,” he said, adding that he hoped there would be a shift from companies being pilloried when they suffer a breach to being lauded for their openness and response in the wake of any cyber attack.
The problem of cyber aggregation risk for insurers and reinsurers as well as the financial services sector “really needs to be understood,” said Mark Weil, CEO of Marsh Ltd.
He said that the financial services sector must work together to assess this.