Disconnect: Cybersecurity Decision-Making for Financial Institutions

In today’s highly interconnected financial system, institutions rely extensively on third-party vendors and shared networks to facilitate real-time trading, payments, and data transfers. However, this interdependence creates systemic risk: when one firm experiences a cybersecurity breach, others must decide whether to disconnect—potentially halting operations to contain contagion—or stay connected and risk exposure. This project, in partnership with the Financial Services Information Sharing and Analysis Center (FS-ISAC), will examine how financial institutions make these critical decisions and evaluate global efforts to standardize disconnect/reconnect frameworks.

The research will compare emerging frameworks from the U.S., U.K., G-7, and other jurisdictions, analyzing their recommendations for when and how firms should sever and reestablish digital connections during a cybersecurity incident. Through interviews with industry leaders, policymakers, and cybersecurity experts, as well as analysis of operational data, the team will assess how institutions weigh trade-offs between security, continuity, and market stability.