If you thought 2014 was a bad year for data breaches, just wait ’til you see what 2015 has in store.
Already, health insurer Anthem experienced a data breach that paled in comparison to Target or Home Depot, leaving millions of consumers vulnerable to personal identity theft. High-profile breaches like these are driving the banking industry’s push for a uniform federal data breach law that would rectify issues they see with public disclosures and information-sharing among financial institutions. Indeed, the American Bankers Association recently testified before a Congressional subcommittee on the need for just such a law.
State lines don’t exist on the Internet, and a federal law is preferable to a patchwork of different statutes across the country, proponents say. After all, just because your information is stolen in one state doesn’t mean that’s where it will be abused.
“As anxious as the states are to try to jump in and help this issue through some potential legislation, they’re hesitant to do so because they know it’s not going to be helpful to have 50 different sets of laws across the states,” said Barry Abramowitz, chief information officer and executive vice president at Liberty Bank in Middletown.
Of less urgency, but great significance to the banking industry, are the debit and credit card breaches that may feel to some like business as usual.
The complaint is a familiar one: Though a retailer may suffer the initial data breach and PR blowback, it’s the banks who are stuck with the bill for reissuing cards, and if a customer has to get a new debit card three times in one year, he or she may start to wonder if it isn’t actually the bank at fault.
One key issue right now, said Lindsey Pinkham, president of the Connecticut Bankers Association, is that financial institutions and retailers follow two different standards for data security. While banks are subject to standards set by the Gramm-Leach-Bliley Act, merchants adhere to the less stringent Payment Card Industry (PCI) standards, he said.
Next door in Massachusetts, bankers are hoping the state legislature will pass a bill that would reassign the risk of loss and shift some of the cost burden back onto retailers in those types of situations. Minnesota already has one such law, and several banks have filed a class-action lawsuit there in the hopes of recovering some of the damages they suffered after Target’s breach late in 2013.
“It’s a disparate playing field,” Abramowitz said. “The financial institutions really take it on the chin when things like debit and credit card breaches happen.”
The Last Lines Of Defense
While the increasing frequency and high-profile nature of such data breaches may spur lawmakers to act a bit more quickly, that doesn’t mean bankers are sitting about, twiddling their thumbs and waiting for the feds to ride to the rescue.
As Gerald R. Gagne, a member at the Boston-based firm Wolf & Co. put it, “The bottom line is: the money is still at the banks. … That’s where the last line of defense has to be.”
Recent guidance from the Federal Financial Institutions Examination Council (FFIEC) is a good place to start, he said.
“Much of the guidance is going to be familiar to the banks,” Gagne said. “It has to do with vendor management, third-party management, risk assessment and network security. But there are some new themes, things maybe the banks haven’t focused on, like education and awareness of the board, making sure the board understands what the problem is, what the threats are, and how the bank is dealing with it.”
In particular, there is a push within the industry for information sharing. Among other things, the FFIEC also recommends that financial institutions of all sizes participate in the Financial Services Information Sharing and Analysis Center.
And last year, the Federal Reserve Bank of Boston also launched its own cybersecurity pilot program for banks under $10 billion in assets. Much of that effort focuses on sharing information between banks and the feds about cyber-threats and their reactions to those threats. The Boston Fed’s leadership has said they hope to expand the model throughout New England and eventually the rest of the country.
Information-sharing, though it may be the first step, is more than simply a convenient buzzword, and Gagne uses an apt metaphor to underscore its importance.
“It’s kind of like a neighborhood watch program,” he said. “If you notice something funny in your neighborhood and you share that with other people, they’re more likely to have their guard up. … If you’re able to put those early warning systems out there, the bad guys will have a harder time finding victims.”
Email: lalix@thewarrengroup.com.