The Group of 7, comprised of Canada, France, Germany, Italy, Japan, the United Kingdom, and the United States, adopted a non-binding agreement aimed at strengthening the cybersecurity and resiliency of the international financial system. The accord lays out eight “high-level fundamental elements,” which both public and private financial sector entities can utilize.
The elements of the agreement, described as “building blocks upon which an entity can design and implement its cybersecurity strategy and operating framework,” are meant to be tailored to each entity’s legal and regulatory requirements, threat landscape, and role in the financial sector. In addition, the accord covers how an entity should respond to and recover from cyber attacks, as well as share information related to incidents. Notably, the agreement reinforces the need for financial sector entities to continually learn from previous incidents and systematically re-evaluate their strategies and frameworks as new threats emerge and existing threats evolve.
The G-7 accord is the latest cybersecurity action aimed at the financial sector since the unprecedented cyber theft of $81 million from the Bangladesh Bank earlier this year. Federal Reserve Board Vice Chairman Stanley Fischer noted that “[t]he international financial architecture is only as strong as its weakest link, and that is why the United States should work with our partners around the world to bolster their information security and resiliency.”