During a recent meeting of the Joint Committee on Information Management and Technology, members discussed pressing issues surrounding cybersecurity, particularly in the financial sector. The meeting highlighted the alarming frequency and cost of cyber attacks, emphasizing that financial institutions are particularly vulnerable. According to the latest data, these institutions are 300 times more likely to face a cyber attack, with the average cost of a data breach in the United States reaching approximately $9.36 million in 2024. This figure represents a slight increase from the previous year, while the average time to contain such breaches has decreased to 64 days.

The committee outlined the top threats facing financial organizations, which include phishing, denial of service attacks, ransomware, malware, spam, and smishing. These threats not only lead to significant financial losses and data theft but also erode customer trust, disrupt operations, and result in regulatory and legal consequences. The increased costs associated with cybersecurity measures are also a growing concern for these institutions.

In response to these challenges, the Oregon State Treasury has developed a comprehensive information security program organized into four key domains: security operations, architecture and engineering, threat and vulnerability management, and risk and compliance. This program aligns with the National Institute of Standards and Technology (NIST) cybersecurity framework, which is also in sync with Oregon's statewide security plan. The Treasury is particularly focused on data governance and risk management strategies, following the recent introduction of a governance objective by NIST.

The discussions at this meeting underscore the critical need for robust cybersecurity measures in the financial sector, as the risks and impacts of cyber attacks continue to escalate. As the committee moves forward, it will be essential to monitor the effectiveness of these strategies and adapt to the evolving landscape of cyber threats.