The Evolution of Cybersecurity Requirements for the U.S. Financial Industry
July 17, 2015
The U.S. financial sector is a major target for global cybercriminals. Cybercrime is a growing industry around the world imposing significant costs on firms that fail to implement adequate safeguards. Regulators are taking notice of the increased risk of cyber threats. While statutes and regulations in the financial sector have not directly addressed cybersecurity, many impose implicit requirements on firms to secure their information technology (IT) systems in the name of operational assurance, data protection, and accurate reporting. To demonstrate compliance with this complex web of requirements, firms have turned to standards frameworks that outline effective cybersecurity systems and best practices. This report discusses the rules and frameworks that have shaped the cybersecurity standards employed by major financial institutions in the United States.