2025 Public Sector Perspectives

Citi benefits from a safer and more secure financial system environment. Moreover, in the event of an attack, the relevant officials have established relationships with our cybersecurity teams, which allows maximum trust when reaction time is critical. We have had thousands of people from roughly 300 organizations visit our CSFCs over the past several years, including senior government officials and central bankers from around the world and CEOs, COOs, and CFOs of the world’s largest companies, who come to listen, learn, and share information.

11. Develop a consistent regulatory framework

Cyber regulation is fragmented. Regulators have a peculiar challenge trying to react and guide in a complex, ever-changing space. Standards are still in development for a number of cyber areas, such as incident reporting, threat assessment sharing, cloud services, data protection and penetration testing. We are all learning together. For Citi or any other global bank, this level of fragmentation and differentiation is challenging to manage.

In a recent conversation with European cyber regulators, we discussed this topic. What surprised me most was their frustration in recruiting and retaining specialized cyber talent with the skills, knowledge, and capacity to deeply understand the evolving cyber complexities. There is a tremendous gap between the cyber talent supply and market demand. The World Economic Forum projects that there is a shortage of nearly 4 million cybersecurity professionals worldwide – and the gap widens every day with the burgeoning advancements in GenAI technology. [5]

12. Build cyber capacity

There are three levels of capacity-building in cybersecurity: your core team of cybersecurity professionals, your senior and mid-level central bank leadership, and your financial home country ecosystem. Citi is engaged in an aggressive effort to build capacity in our broad global ecosystem, which includes clients like you.
It means collaborating with central banks, regulators, governments, corporates, and banks. It means educating our supply chain. We are committed, not only to protecting our systems and client data to the best of our ability, but also to working with players in our ecosystem

[5] World Economic Forum, “Strategic Cybersecurity Talent Framework,” April 2024

Terms Glossary

Application Programming Interface (API): Software that allows different programs to communicate with each other.

APT28: Advanced Persistent Threat (APT) group 28 (also known as Fancy Bear, Pawn Storm, the Sednit Gang and Sofacy) is a highly skilled, nation state sponsored threat actor based in Russia.

Analysis and Resilience Center for Systemic Risk (ARC): Private sector organization designed to protect the economic and national security of the United States by mitigating systemic risk to the nation's most critical infrastructure; it consists of sophisticated, cybersecurity-capable firms.

Brute force: A hacking method that uses trial and error to crack passwords, login credentials, and encryption keys.

Cybersecurity and Infrastructure Security Agency (CISA): Constituent part of the United States Department of Homeland Security (DHS), formed in 2018 and responsible for cybersecurity and infrastructure protection across all levels of government.

Credential stuffing: A cyber-attack in which credentials obtained from a data breach on one service are used to attempt to log in to another, unrelated service.

Faketivism: Nation state sponsored hackers who breach and leak while attempting to wear a hacktivist cloak.

“Fat tail risk”: Also known as a black swan or tail risk, a fat-tail event is when something occurs that was unexpected or was thought to be so far-fetched that it was nearly impossible.

Financial Services Information Sharing and Analysis Center (FS-ISAC): U.S.-based industry consortium founded in 1999 dedicated to reducing cyber-risk in the global financial system by acting as a trusted peer-to-peer network of experts. Expanded its role to encompass physical threats to the financial sector after 2001.

Indicators of compromise (IOCs): Signs that a system has been compromised by an attacker. IOCs can include unusual outbound traffic, increased database activity, anomalies with privileged user accounts, suspicious registry changes, and more.

Cyber Winter: Are Central Bankers Ready?
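The glossary entries for brute force and credential stuffing describe two attacks that look identical in a single failed-login line and only separate in aggregate: a stuffing run spreads one attempt across many accounts (the attacker already holds a password per account), while a brute-force run hammers one account with many guesses. The script below is an added illustration of that distinction as detection logic over an authentication log; it is not code from the report or from Citi. The log line format (`src=`, `user=`, `result=`), the sample lines (RFC 5737 documentation addresses), the thresholds in `classify`, and the names `SourceStats`, `classify_log` and `compromised_accounts` are all constructed for this example.

```python
"""Classify failed-login patterns in an authentication log.

Added illustration for the "Brute force" and "Credential stuffing" glossary
entries; not code from the report. Log format, thresholds and sample lines
are constructed assumptions for this example, not a product's format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed line format (constructed): <timestamp> src=<ip> user=<name> result=<ok|fail>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


@dataclass
class SourceStats:
    """Per-source-IP counters: how many attempts, spread over how many accounts."""
    attempts: int = 0
    failures: int = 0
    per_user: dict = field(default_factory=lambda: defaultdict(int))
    ok_users: set = field(default_factory=set)  # accounts this source logged into


def parse_line(line):
    """Return the fields of one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def collect(lines):
    """Aggregate log lines into SourceStats keyed by source IP; malformed lines are skipped."""
    stats = defaultdict(SourceStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["ip"]]
        s.attempts += 1
        s.per_user[rec["user"]] += 1
        if rec["result"] == "ok":
            s.ok_users.add(rec["user"])
        else:
            s.failures += 1
    return stats


def classify(s, min_attempts=5):
    """Label one source by the shape of its login activity (illustrative thresholds).

    credential_stuffing: many distinct accounts, about one attempt each.
    brute_force: one or two accounts, many attempts each.
    """
    if s.attempts < min_attempts:
        return "normal"
    distinct = len(s.per_user)
    mean_per_user = s.attempts / distinct
    if distinct >= 5 and mean_per_user <= 2:
        return "credential_stuffing"
    if distinct <= 2 and mean_per_user >= 5:
        return "brute_force"
    return "suspicious"


def classify_log(lines, min_attempts=5):
    """Map each source IP in the log to its label."""
    return {ip: classify(s, min_attempts) for ip, s in collect(lines).items()}


def compromised_accounts(lines, min_attempts=5):
    """Accounts that accepted a login from a source labelled credential stuffing.

    A success inside a stuffing burst means the breached password is reused
    here: those accounts need a forced reset and review, not just an IP block.
    """
    hits = set()
    for s in collect(lines).values():
        if classify(s, min_attempts) == "credential_stuffing":
            hits |= s.ok_users
    return hits


# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    "2025-01-15T10:00:01Z src=198.51.100.7 user=alice result=fail",
    "2025-01-15T10:00:02Z src=198.51.100.7 user=bob result=fail",
    "2025-01-15T10:00:03Z src=198.51.100.7 user=carol result=fail",
    "2025-01-15T10:00:04Z src=198.51.100.7 user=dave result=ok",
    "2025-01-15T10:00:05Z src=198.51.100.7 user=erin result=fail",
    "2025-01-15T10:00:06Z src=198.51.100.7 user=frank result=fail",
    "2025-01-15T10:01:00Z src=203.0.113.9 user=alice result=fail",
    "2025-01-15T10:01:01Z src=203.0.113.9 user=alice result=fail",
    "2025-01-15T10:01:02Z src=203.0.113.9 user=alice result=fail",
    "2025-01-15T10:01:03Z src=203.0.113.9 user=alice result=fail",
    "2025-01-15T10:01:04Z src=203.0.113.9 user=alice result=fail",
    "2025-01-15T10:01:05Z src=203.0.113.9 user=alice result=fail",
    "2025-01-15T10:02:00Z src=192.0.2.5 user=bob result=ok",
    "2025-01-15T10:02:30Z src=192.0.2.5 user=carol result=ok",
    "this line is deliberately malformed and is skipped",
]

if __name__ == "__main__":
    for ip, label in classify_log(SAMPLE_LOG).items():
        print(f"{ip:15} {label}")
    print("accounts to reset:", sorted(compromised_accounts(SAMPLE_LOG)))
```

On the constructed sample the classifier labels 198.51.100.7 as credential stuffing, 203.0.113.9 as brute force and 192.0.2.5 as normal, and reports `dave` as the account that accepted a stuffed credential. In a real deployment the aggregation window, the thresholds, and the treatment of sources behind shared NAT or proxies all need tuning; the point here is only that the per-source spread of attempts across accounts is the signal that separates the two glossary terms.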
