GAO Says Financial Sector's Business-Continuity Plans Fall ShortGAO Says Financial Sector's Business-Continuity Plans Fall Short

Banking and financial-services firms are likely the most secure segment of the private sector, IT security experts say, but a 119-page report from the U.S. General Accounting Office says there's much more work to be done.

While the report cited "heroic and sometimes ad hoc and innovative efforts to restore operations," the Sept. 11 attacks "severely disrupted U.S. financial markets, resulting in the longest closure of the stock markets since the 1930s and severe settlement difficulties in the government securities market."

The report, issued Wednesday, stresses that many financial firms still don't have adequate physical security measures in place, and that their business-continuity plans don't take these physical vulnerabilities into account. The report also calls for banking and securities regulators to create goals to restart trading and financial transactions after any future attacks.

The report also says that the SEC chairman should work to determine sound business-continuity practices needed to meet those goals, identify organizations critical to market operations to ensure they implement sound business-continuity practices, and test those strategies designed to resume financial trading.