CYBERSECURITY IN U.S. CRITICAL INFRASTRUCTURE: FINANCE AND INSURANCE

The financial services sector consists of thousands of insurance companies, depository institutions, investment firms, credit and financing organizations, and the providers of critical financial utilities and services that support these functions.

Because the financial services sector provides the financial liquidity individuals and businesses need to run their lives, from personal lines of credit to mortgages to business loans and investments, the financial services sector is critical to the nation’s and the world’s economy. When the financial sector is healthy and vigorous, individuals can make the large purchases they need and save for retirement. In contrast, the private sector can take capital risks and drive business investments that help create jobs and fuel economic growth. Therefore, how well the financial services sector manages risk, especially cybersecurity risk, is vital to the nation’s overall health and economic activity.

The risks that cyber attacks pose to the financial sector have gained increased attention over the past few years. For instance, during a 60 Minutes interview this year, Federal Reserve Chairman Jerome Powell said that the risk they most keep their eyes on is “cyber risk.”

That’s for good reason: Successful attacks on individual financial services firms are disruptive and costly, while a successful attack on the financial system could be economically devastating. In this survey, we examined the ability of financial services firms to identify and protect against malware and ransomware attacks, detect and respond to such attacks, and, ultimately, their ability to recover from such attacks.