US banks prepare cyberattack contingency plan

US banks prepare cyberattack contingency plan | Insurance Business America

US banks prepare cyberattack contingency plan
Banks across America have moved forward with an initiative meant to help shield financial companies from industry-crippling cyberattacks.

Dubbed Sheltered Harbor, the project involves the participation of various banks and credit unions that have about 400 million accounts in the US. Members of the Sheltered Harbor project are required to individually back up data so that it can be used by other member firms to serve customers in the event of a debilitating data breach.

Banks can pay fees between $250 and $25,000 a year to participate in the national data backup initiative, depending on their size. Members must also follow guidelines on formatting their backup data, creating the backup vault, and submitting to audits. The data submitted must be able to cover an affected bank’s customers within 48 hours of a data breach.

The concept for Sheltered Harbor was conceived last year by the Financial Services Information Sharing and Analysis Center and its trade group members.

Sheltered Harbor’s 34-member board is composed of representatives from all walks of the financial sector – including executives from big banks, financial groups, trade associations, clearinghouses, and broker-dealers.

The project’s development comes after credit bureau Equifax had revealed in September that its data had been breached, exposing the personal information of as many as 145.5 million consumers.

Similar cyberattacks could be staged on banking companies, crippling their ability to operate. Experts project that when data breaches disable banks and prevent customers from accessing their accounts, it could cause a disastrous domino effect – panicking customers with unaffected banks to withdraw their funds en-masse, potentially sparking a run on the wider banking system.

“So far, most people think about cyber in terms of having a credit card stolen,” MIT Sloan School of Management information technologies professor Stuart Madnick explained to Wall Street Journal. “What you’re talking about now is a nuclear attack: If you can’t get to the ATM and get it to work.”

Although the Federal Reserve and Federal Deposit Insurance Corporation (FDIC) have measures in place to help the financial industry recover in the event of emergencies – such as the Reserve’s discount window that allows banks to borrow and the FDIC’s deposit insurance guarantees – such measures were designed to counter bank failures related to a firm’s solvency or liquidity.

Related stories:
Wells Fargo to exit insurance business
Major US banks set up third-party risk management company