The Government Accountability Office (GAO) has recommended that the Department of the Treasury collaborate with other federal agencies and partners in the financial services sector to track the sector’s efforts to mitigate cyber risks.
GAO said in a report published Thursday that the Treasury should also work with other agencies and sector partners to establish metrics for assessing progress and update sector-specific plans with information on how the sector's efforts will meet the requirements outlined in the 2019 National Cyber Strategy Implementation Plan.
“Unless more widespread and detailed tracking and prioritization of efforts occurs according to the goals laid out in the sector-specific plan, the sector could be insufficiently prepared to deal with cyber-related risks, such as those caused by increased access to data by third parties,” the report reads.
The financial services sector, which holds approximately $108 trillion in assets, faces various cyber-related risks, including an increase in access to financial data through information technology supply chain partners, a rise in interconnectivity through cloud, network and mobile applications and use of more sophisticated malware by threat actors.
The report noted that the Treasury, the Department of Homeland Security (DHS) and other financial regulators have taken steps to improve cybersecurity through risk mitigation initiatives, such as carrying out simulation exercises with regard to cyber incident response and recovery efforts.