The Futures Industry Association (FIA) put out a report that contains lessons learned and recommendations to improve cybersecurity in the industry.
The new report stems from a recent cyber incident that occurred in the derivatives industry that caused significant disruption in the processing of trades executed on multiple exchanges around the world. The disruption was triggered by a ransomware attack on a single third-party service provider.
The report, drafted by a task force made up of subject matter experts and business leaders, focuses primarily on the operational resilience and recovery issues raised by this ransomware attack. In particular, it focuses on steps that firms in the exchange-traded and cleared derivatives industry can take to increase coordination and information sharing in all aspects of operational resilience.
“In this industry, many market participants rely on third party service providers for certain essential functions,” Walt Lukken, president and CEO at FIA, said. “When one of these service providers is disrupted by a cyberattack, the effects can ripple throughout the industry. Today’s report is intended to shore up our readiness for a future cyber-attack and strengthen the ability of firms to recover from such an incident.”
The six recommendations in the report are:
1. Create an “Industry Resilience Committee” to encourage the development of secure communication channels with respect to all forms of operational resilience, including but not limited to cyber resilience;
2. Integrate the exchange-traded and cleared derivatives industry with sector-wide groups that specialize in cybersecurity and operational resilience across the financial services sector;
3. Review and affirm policies and procedures for reconnection to impacted parties during and after a cyber incident;
4. Establish procedures for sharing critical data and other information with counterparties and clients in a timely manner during a cyber incident;
5. Identify ways to make the assessment of risks to operational resilience more efficient, for example by standardizing the questionnaires used in the assessment process; and
6. Participate in exercises that test preparedness for cyberattacks.
“FIA thanks the members of the Taskforce for their engagement on this important initiative and their willingness to come together to share information,” Don Byron, head of global industry operations & execution at FIA, said. “We received terrific feedback from all areas of the industry that helped us to develop some highly targeted and relevant recommendations. We believe this report will provide a framework for collaboration that will strengthen the industry’s ability to respond to future attacks. ”