In remarks delivered earlier this month, U.S. Treasury Secretary Jacob Lew highlighted the dangers of “cyber intrusions” to financial institutions. Secretary Lew cited more than 250 cyber attacks against U.S. banks and credit unions since 2011, as well as recent hacks and credit card thefts against major retailers. “Cyber attacks on our financial system represent a real threat to our economic and national security,” said Secretary Lew.
To combat cyber attacks, Secretary Lew recommended that financial institutions adopt the NIST Cybersecurity Framework, stating that “every financial services firm should use this framework to reduce cyber security threats.”
The Secretary also stressed the “imperative that firms collaborate with government agencies and with other firms.”
In connection with Secretary Lew’s remarks, the Treasury Department issued a press release calling for national cybersecurity legislation. The Treasury Department seeks “comprehensive legislation” that will “improve information sharing by providing targeted liability protections while protecting privacy considerations.” A cybersecurity bill is presently pending in the U.S. Senate.
Cybersecurity “should be the responsibility of management at all levels,” remarked Secretary Lew. “If you are the leader of a business, you should know how strong your company’s defenses are, you should know if there are response plans in place in case a significant security breach occurs, and you should be getting regular reports on cyber security threats and what your company is doing to respond to those threats.”
Written by Michael Young, Associate, Technology and Privacy Group | Alston & Bird LLP