The Government Accountability Office (GAO) is recommending that the Treasury Department work with other federal agencies and sector partners to enhance cybersecurity within the financial sector.
The financial services sector’s reliance on information technology makes it a leading target for cyber-based attacks, the GAO points out. There have been several breaches at commercial entities in recent months that have heightened concerns that data isn’t being adequately protected.
In its review, the GAO looked at the key cyber-related risks facing the financial sector to determine the steps the industry is taking to share information and address risks to its sector. It also looked at the steps federal agencies are taking to enhance the security and resilience of the sector. GAO interviewed officials at 16 private sector entities, two self-regulatory organizations, and eight federal agencies, including the Department of the Treasury, as part of its research process.
The GAO made two major recommendations based on its findings. One, it said that the Secretary of the Treasury, in coordination with the Department of Homeland Security and other federal and nonfederal sector partners, should track the content and progress of sector-wide cyber risk mitigation efforts. Further, it should prioritize their completion according to sector goals and priorities in the sector-specific plan.
Two, GAO recommends that the Treasury Secretary, in coordination with the Department of Homeland Security and other federal and nonfederal sector partners, update the financial services sector-specific plan to include metrics for measuring the progress of risk mitigation efforts and information on how the sector’s risk mitigation efforts will meet sector goals and requirements.