Skip to Main Content
PCBB Banc Investment Daily January 07, 2019
Banc Investment Daily
January 07, 2019

Discovering Cyber Risks And Fighting Together

Summary: Cyberattacks happen 300x more frequently in financial institutions than other industries. A system of buddy banks was created to help. Are you Shelter Harbor-ready?
Last year was an interesting one for scientists. They figured out how to use nano-robots to kill cancer, found a large body of water on Mars, created a new drug to treat migraines, grew meat in a lab without using animals, found a 3,200 year old cheese, and birthed a healthy baby mouse from two moms and no dad. We are looking forward to seeing what discoveries this year brings.
We realize that we just reported on the cyber risk of privileged users, but we haven't discussed the Sheltered Harbor program yet so we thought this may be a good time to bring it up.
Clearly, cybersecurity attacks are flourishing in financial institutions. Although it may seem a never-ending war to be fought, there are different ways to fight. Sheltered Harbor is one way that community banks may be able to fight the good fight.
We all know the stakes are high in the cyber risk realm. Cyberattacks happen 300x more frequently in financial institutions than other industries. According to a Javelin report, American banks lost $16.8B to cybercriminals in 2017, and more than 15mm customers were victims of cyber attacks. Against such a backdrop, the Sheltered Harbor project was started 2Ys ago to add another layer of protection to safeguard customers' information and account balances, when a financial institution is under attack.
The program, created by the Financial Services Information on Sharing and Analysis Center (FS-ISAC), relies on a system of buddy banks. Big institutions like HSBC, Citigroup, JP Morgan Chase and others are included, but so are community banks. These banks supplement their own defenses by storing critical information in a data vault every day. Each bank manages its data. The only requirement from Sheltered Harbor is to follow the guidelines on formatting data, encrypting them and protecting them from changes.
In case of a cyberattack of a particular financial institution, there is a backup buddy system. Banks choose in advance the partners that have access to the bunker that could bring accounts back to life within 48 hours.
Community banks of course can't spend as much as giant institutions on protection. Yet, Sheltered Harbor is flexible. Large banks pay $50,000 to participate, while smaller members pay $250 to $25,000 depending on size. This voluntary private approach has convinced a lot of institutions and brokerage firms of its merits, as they are certified Sheltered Harbor-ready. Today 68% of US retail bank accounts are reportedly covered and 55% of brokerage accounts.
The advantage for community banks? Being Sheltered Harbor-ready could emphasize your commitment to cybersecurity with this additional layer of protection. It may also show that your bank is a trusted financial partner that customers are expecting.
While community banks could be reluctant to allow a potential competitor to see their data, several have already set up reciprocal backup relationships with other banks through this program. The idea is that if one bank goes down, there are others there to help pick them and their customers back up.