In a new report, the GAO found that regulators should begin collecting IT security incident reports and classifying them by category of deficiency. Only then would they be able to analyze trends across financial institutions.
In addition, representatives from more than 50 financial institutions told GAO that obtaining adequate information on cyber threats was challenging. Information viewed as most helpful for assessing threats and protecting systems included details on attacks other institutions experienced. The Treasury Department has initiated several activities to confidentially share information with other institutions. In addition, it has formed a special group to obtain declassified information and share it with institutions through a series of circulars.
For the complete report, visit GAO-15-509