Indictments unsealed in June hint at the scope of the problem.

The exercise, which assembled 18 financial institutions and the industry’s threat-sharing center, simulated a “WannaCry-like” ransomware attack.

Three professional associations for bean-counters argue that any regulation should only set high-level principles or flexible frameworks — not specific or prescriptive rules which might be duplicative and could become quickly outdated as hacker threats evolve.

The guidance is the first real effort to establish transnational standards for cybersecurity in perhaps the most high-stakes sector of all — financial services.