This paper builds on previous SWIFT Institute research (Sharing Insider Threat Indicators: Examining the Potential Use of SWIFT’s Messaging Platform to Combat Cyber Fraud) which proposed a protocol for sharing insider threat activities between financial institutions.
This new study was an attempt to pilot the exchange of insider threat reports between a group of banks in the US. The pilot concluded with a number of findings on challenges to information sharing, that until resolved, will prevent firms from formalising engagement in this area. While there were some legal hurdles around sharing information, the most significant findings related to data access and technical issues, cultural constraints for internally sharing data, inconsistencies between financial institutions around data collection, and a lack of a universal call to action for sharing insider threat activity.
Institution(s):
- American University
- Citibank