NO.PZ2023102301000022
The question is as follows:
The CRO at a bank wants to strengthen the bank’s capability to defend itself against emerging cyber-threats. To help achieve this goal, the CRO is assessing the current range of practices regarding the sharing of cyber-security information between different types of institutions, as well as the potential benefits from sharing information. Which of the following statements would be most appropriate for the CRO to make?
Options:
A. The sharing of cyber-security information among banks is less frequently observed and generally considered to be less effective than other cyber-security information-sharing practices.
B. The scope and depth of information-sharing practices among banks may significantly vary between financial markets, depending on the level of trust among participating banks.
C. Information-sharing among different national regulators has evolved significantly over the past several years and is now a widespread practice at a large majority of jurisdictions.
D. Existing peer-sharing mechanisms among banks focus on the exchange of information related to cyber-security incidents, but such information is generally not shared from banks to regulators.
Explanation:
B is correct. Sharing of information and collaboration among banks depends on the financial industry’s culture and level of trust among participants. Experience shows that a two-level information-sharing structure, through which information would be first shared on the interpersonal level with a closer group and then be exchanged at the company level with a broader group of banks, helps build trust into the system.
A is incorrect. Sharing of information among banks is one of the most widely observed practices across jurisdictions, and a relatively wider range of information, such as knowledge about cyber threats / cyber intelligence, is typically shared among banks.
C is incorrect. Sharing amongst regulators is one of the least observed practices and a majority of jurisdictions do not currently allow it.
D is incorrect. Banks typically do not share information about cyber-incidents with each other, but they do share this information with regulators at times when required by regulatory reporting practices.

I don't understand what this question means.