As seen from the previous example, interdependence both within and across industries and law enforcement requires critical review to ensure collective benefit, especially when that involves sharing sensitive information. Balancing privacy and civil liberties is of primary concern, but in many cases even non-personal information that would be valuable to share is not shared due to lack of clarity as to whether it is allowed. Many privacy laws and regulations make exceptions on sharing data for purposes such as fraud prevention, yet there are so many applicable laws and regulations that it is easier to err on the side of caution. Improving clarity on what can be shared, with whom, and when will dramatically improve the ability for industries and law enforcement to collaborate, identifying and responding to threats more quickly. When threats are understood more quickly, critical infrastructure industries and vendors can develop responses more rapidly.

The financial services industry is already leading in defending against a variety of cybercrimes, and more attention and cooperation will only improve the ability for institutions to defend themselves against threats. Care must be taken to ensure new guidelines and regulations provide appropriate incentives and do not lead to prescriptive measures that cannot keep up with the rapidly evolving threats. Coordination between the public and private sector should enable and encourage financial institutions to continue to respond to threats and improve their defenses.