Certification Survey Extra: Cybersecurity and Government, Part 3
Posted on
June 17, 2021

Certification Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Certification Survey. These posts contain previously unpublished Certification Survey data.

Should government officials directly regulate cybersecurity protection across the financial sector?

The English language includes the words "fiat" and "specie" to describe physical forms of currency. Fiat is paper currency, or more specifically any medium used as money that has no intrinsic value. Specie is coinage, typically metal, and often minted from precious or semi-precious ores. Why the vocabulary lesson?

For the purposes of today's discussion, it's because fiat and specie — both the terms and the tender they designate — are increasingly in danger of becoming obsolete. When is the last time that you used cash from your wallet or coins out of your pocket to pay for anything? In our increasingly modern age, even getting a bag of M&M's from a vending machine can quite often be accomplished using a credit card or smartphone.

Almost everything is paid for with credit cards or, to an increasing degree, automated bank transactions. When's the last time that you wrote a check to pay your monthly mortgage installment?

The digitization of currency and currency transactions, of course, is convenient — but it also carries a sky high degree of risk. Are we capable of securing and protecting everyone's money when money is more virtual than it's ever been before? And who should we be asking that question of? Banks, naturally. But also: bwaa-hah-hah-ah-hah.

History has shown that even quasi-legal activities can fatally undermine banks. Direct criminal interference with banks has the potential to wreak far greater devastation than trading shenanigans or reckless investments. And since banks tend to be about as capable of rescuing themselves as a toddler in a lion's den, well...yikes.

Given the likelihood that government officials are the ones most likely to be left holding a mop and a bucket the next time that there's a financially devastating cyberattack, should those same officials be firm in requesting advance preparation and protection? In our recent Security Certification Survey, we asked what role governments should play in guarding against digital financial upheaval.

Here's how certified information security professionals responded:

Statement 1: Government should aggressively promote cybersecurity protections and preparedness in the financial and banking sector.

Strongly Agree: 42 percent
Agree: 46 percent
Neither Agree nor Disagree: 8.6 percent
Disagree: 1.7 percent
Strongly Disagree: 1.7 percent

Statement 2: Government should directly regulate cybersecurity protections and preparedness in the financial and banking sector.

Strongly Agree: 27.5 percent
Agree: 37.1 percent
Neither Agree nor Disagree: 17.7 percent
Disagree: 13.7 percent
Strongly Disagree: 4 percent

Almost everyone who responded to the survey thinks that government should be involved. Roughly 88 percent of those surveyed either agree (46 percent) or strongly agree (42 percent) that government officials should 'aggressively promote' a stronger degree of protection and preparedness. Meanwhile, not even a full 5 percent are directly resistant to that notion.

On the other hand, it would seem that there's a line between 'aggressively promoting' something and requiring it by law that some would rather not cross. There's still strong support for direct intervention by government officials: Nearly 65 percent of survey respondents either agree (37.1 percent) or strongly agree (27.5 percent) that directly regulating cybersecurity protection across the banking sector is a good idea.

The group of those unwilling to venture an opinion is nearly twice the size of the fence sitter segment when the keyword is the less forceful 'aggressively promote.' And nearly 18 percent either disagree (13.7 percent) or strongly disagree (4 percent) with the notion of direct regulation.

It generally takes near-overwhelming disaster to move the needle on government regulation. In that sense, immediate action is probably no closer than the unforeseeable emergence of a globally, or at least regionally, catastrophic cybersecurity breach. In the meantime, well, we can't even advise you convert your assets to fiat and specie. In the not-too-distant future, than may not even get you a can of soda.

About the Author

Certification Magazine was launched in 1999 and remained in print until mid-2008. Publication was restarted on a quarterly basis in February 2014. Subscribe to CertMag here.

Posted to topic:

Important Update: We have updated our Privacy Policy to comply with the California Consumer Privacy Act (CCPA)

CompTIA IT Project Management - Project+ - Advance Your IT Career by adding IT Project Manager to your resume - Learn More