This means firms not only need to understand the risks, but they also need to be proactive in forming strategies to safeguard against them. Four areas are critical to achieving these objectives and advancing operational resilience and cybersecurity capabilities.

Jason Harrell, Managing Director, Operational and Technology Risk/Head of External Engagement, DTCC

    1. Third-party and supply chain risk management

    As a result of increasing reliance on third parties to deliver critical operations, financial institutions and authorities continue to identify and document effective practices to mitigate the risks faced. At the end of 2023, the Financial Stability Board published its toolkit, Enhancing Third-Party Risk Management and Oversight, which could drive enhancements to third-party risk programs that deliver increased operational resilience for firms.

    2. Cyber incident reporting

    Knowledge is power, and the ability to quickly share incident information with the right audience — with the proper amount of detail — can collectively help protect the global financial markets. Unfortunately, the evolution of cyber incident reporting has led to disparate reporting frameworks across jurisdictions, making it more difficult to achieve this ultimate goal. It is anticipated that several policy initiatives will be proposed in this space in the coming months and years, including the FSB Format for Incident Reporting Exchange. Timely and transparent reporting mechanisms can foster collective intelligence that can be used to pre-emptively enhance protections against evolving cyber threats.

    3. Awareness and training

    It is important that financial services firms recognize that cybersecurity and resilience are not efforts that can be taken on by one individual or one team. To be effective, risk management and resilience must be embedded into the operational culture of firms. In support of this, organizations must continue to prioritize employee education and training programs that instill a risk and resilience mindset across all levels of a firm. Empowering employees with the knowledge to consider potential threats and possible mitigations can be an invaluable tool that strengthens the resilience of the industry.

    4. Industry-wide collaboration

    Broad collaborative efforts on resilience and cybersecurity must also occur at an industry level. Financial authorities play a pivotal role in shaping the industry’s continued evolution in this space. Collaboration between financial authorities and financial institutions is indispensable in fostering an environment conducive to enhanced data sharing and robust regulatory frameworks.