Financial Risk Manager Part 2
Get started today
Ultimate access to all questions.
In the context of enhancing the bank's resilience to emerging cyber threats, the Chief Risk Officer (CRO) is currently reviewing the present methods of cybersecurity information exchange among different institutions. Additionally, the CRO is contemplating the potential benefits that such information sharing might offer. Which of the following statements would be the most appropriate for the CRO to convey?
In the context of enhancing the bank's resilience to emerging cyber threats, the Chief Risk Officer (CRO) is currently reviewing the present methods of cybersecurity information exchange among different institutions. Additionally, the CRO is contemplating the potential benefits that such information sharing might offer. Which of the following statements would be the most appropriate for the CRO to convey?
Explanation:
B is correct. Sharing of information and collaboration among banks depends on the financial industry's culture and level of trust among participants. Experience shows that a two-level information-sharing structure through which information would be first shared on the interpersonal level with a closer group and then be exchanged at the company level with a broader group of banks helps build trust into the system. A is incorrect as sharing of information among banks is one of the most widely observed practices across jurisdictions and a relatively wider range of information, such as knowledge about cyber threats / cyber intelligence is typically shared among banks. C is incorrect because sharing amongst regulators is one of the least observed practices and a majority of jurisdictions do not currently allow it. D is incorrect because banks typically do not share information about cyber-incidents with each other, but they do share this information with regulators at times when required by regulatory reporting practices.