With cyber threats growing, global policymakers say there needs to be greater cooperation between regulators, the financial industry, and law enforcement authorities to ensure that attacks are contained, and can be quickly addressed.

The Committee on Payments and Market Infrastructures (CPMI) issued a new report Tuesday that examines the practices used by organizations that comprise financial market infrastructures (FMIs) in an effort to enhance their resilience to cyber risks. The report — which was prepared by a working group consisting of representatives from central banks, along with representatives of the Basel Committee on Banking Supervision, the International Organization of Securities Commissions (IOSCO), the G10 Group of Computer Experts and its Working Party on Security Issues — notes that cyber resilience is increasingly becoming a top priority for infrastructure firms, although it also found disparities in those efforts.

The report stresses that these infrastructure entities are highly interconnected, and so, disruptions in one firm may spread to a multitude of others. Moreover, cyber threats tend to be cross-jurisdictional, it says; adding that this poses challenges for risk mitigation efforts conducted solely at national, or individual institution level. “These inherent interdependences across industry participants and jurisdictions underline the necessity for cooperation and communication between FMIs, central banks and other regulators on cyber resilience matters,” it says.

Indeed, the report says that extreme events “may challenge the ability of FMIs to recover within two hours following the detection of a cyber attack and to complete settlement by the end of the day of the disruption.” As a result, it says that industry leaders generally believe that efforts to move the industry towards faster recovery “need to be stepped up given the growing threat to the financial sector.” And, it says that the authorities concluded that coordinated action, and possibly additional guidance, may be justified.

The report says that, while regulators and supervisors are expected to cooperate, both domestically and internationally, “several challenges at the organisational, legal and confidentiality level need to be addressed.” For example, it reports that infrastructure firms with global operations “have expressed concern over their inability to share classified information within their own organisations.”

While law enforcement or intelligence agencies may provide classified information to management with the required security clearances, that information cannot be shared with anyone who does not have a security clearance from the country that provided the information. As a result, firms are ‘encouraging authorities to take an active role in helping FMIs to address these challenges through coordination efforts between the public and private sectors.”