Financial system vulnerable to cyberattack, NY regulator says

New York's financial regulator said on Monday his agency will focus on cyber security over the next year, saying the possibility of a systemic attack to the financial system is one thing that keeps him awake at night.

"It is impossible to take it seriously enough," said Benjamin Lawsky, superintendent of the Department of Financial Services (DFS) for the state of New York.

• Chinese cyberattack hits Canada's National Research Council
• JPMorgan investigates possible cyberattack by Russian hackers

Cyberterrorism is "the most significant issue DFS will work on in the next year," he said, speaking at a Bloomberg Markets event at the Museum of Jewish Heritage in lower Manhattan.

A series of prominent cyberattacks this year has underscored how vulnerable much data has become. Just this month Home Depot revealed some 56 million payment cards were likely compromised in a cyber attack at its stores, dwarfing another recent high-profile attack at retailer Target.

Banks, too, have not come away unscathed. JPMorgan Chase & Co said last month that it is investigating a possible cyberattack and working with law enforcement authorities to determine the scope.

Many attacks on banks

A report earlier this year by DFS on cyber security in the banking sector found that most institutions surveyed have come under cyberattack at some point in the past three years. The attacks came irrespective of the institutions' sizes, highlighting how prevalent an issue hacking has become.

"I worry that we're going to have some major cyber event in the financial system that's going to cause us all to shudder," said Lawsky, who regulates both banks and insurance companies.

Lawsky noted that, while there's a role for policy makers and legislators to address the issue, the public sector also may be able to prod the private sector to take steps to better handle the risk.

"We need to think about ways to incentivize the market participants to do more to protect themselves from attacks," Lawsky said.

Cyber attack insurance being developed

He noted the rising market for cyberattack insurance, still in its relative infancy. That, in turn, could help companies improve their internal systems to fight such breaches, as those efforts could help them secure policies.

"It's a bargain if we harden our systems now and protect against something more catastrophic," Lawsky said. "It is a great deal in my view. Once there is major event, everyone suffers. We're going to pay for it either now or then."

Companies are already allocating more money to cyber security in the wake of several high-profile attacks. Security is particularly crucial for banks as a successful attack on one player could destabilize the entire financial system.