Private sector firms have made modest progress in recent years when it comes to adopting cybersecurity best practices, according to then-CFTC Commissioner Kristin N. Johnson. In remarks delivered on July 14, 2025, at the Regulators Roundtable on Financial Markets Innovation and Supervision of Emergent Technology, Johnson discussed international cybersecurity defenses and protocols, highlighting acute dangers in a heavily interdependent business world in which a contagion of breaches, or “domino effect,” is all too likely. She noted that the expertise and technology that firms leverage in the hope of shielding their own data and systems often fail to take account of the dangers that a breach might occur at the nexuses of interaction between a firm and a central counterparty or other vendor or service provider. The dangers of third-party exposure; failures of counterparty risk management; cross-border attacks and breaches; and the growing use of IT infiltrators and artificial intelligence on the part of rogue states, hackers and other bad actors are all issues of grave concern and call for improving third-party risk management; bolstering cross-border regulatory and enforcement efforts; and sharing of actionable threat intelligence among firms, she argued. This article covers key takeaways from Johnson’s remarks with practical commentary on insider threats, third-party risk mitigation and incident preparation and response from cybersecurity experts at Debevoise & Plimpton and Otterbourg. See “CFTC Advisory Cautions Firms to Remain Compliant When Deploying AI” (Aug. 14, 2025).