Welcome to the IIAC’s Cybersecurity Resource Centre
In a matter of a few years, the issue of cyber crime has gone from being a rather limited IT issue to one which demands the attention of senior executives and board members.
The prevailing expert opinion is that eventually, all firms will be subject to some sort of cybersecurity incident. As cyber criminals have become more sophisticated, and attacks have become much more prevalent, the potential for serious financial, operational and reputational damage from a cyber attack is becoming recognized as a critical risk that must be managed at the highest levels of an organization.
Financial services firms, in particular, are targeted at high rates. This is due to a number of factors, including their direct and indirect access to financial assets, sensitive client information, information about potential and current transactions, and trading data and algorithms. In addition, the profile and symbolic status of financial firms as institutions of power and capitalism make them a target for hacktivists.
The financial industry is particularly vulnerable to cybersecurity threats, in part because its operations are extremely reliant on technology. In addition, there are many technological interconnections between firms, their employees, third-party service providers, data vendors, marketplaces, and the vast number of other institutions that comprise the financial markets. The data that is generated and shared between these entities can be extremely valuable, and every data entry point and system intersection provides a target for those seeking access.
The level and types of threats will vary among firms, depending on their size, business model and profile. Smaller firms should be aware that they are as much a target as larger firms. The 2015 Symantec Annual Internet Security Threat Report indicated that in 2014, 60% of all targeted attacks struck small- and medium-sized organizations.
As such, it is critical that all firms develop and maintain comprehensive cybersecurity plans to protect themselves, their clients, and the industry in general, from the damage that a cyber attack can inflict. Having a robust cybersecurity program will not eliminate all cyber risks or guarantee that the firm will not be a victim of a cyber incident. It will, however, allow a firm to manage risks through an informed decision-making process. This is also known as cyber resilience.
The IIAC is committed to assisting our Members in their efforts to be cyber-resilient. This cybersecurity section of our website contains information, tools and links to resources intended to assist firms in developing and maintaining their cybersecurity plans.