Cybersecurity and Finance – Why it’s important
by Heat Recruitment
by Marcus Granville and Lucy Evans
Financial services firms are investing more time and money in cybersecurity as fears grow over the threat of cyber attacks and the consequent tougher approach from regulators.
A survey by corporate adviser Duff & Phelps earlier this year found that 86 per cent of financial services firms planned to spend more on cybersecurity in 2017, compared with less than 60 per cent last year.
The research involved 200 executives in Europe, Hong Kong and the US, with two thirds saying they expected cybersecurity to be a priority for regulators, compared with only 19 per cent a year earlier.
So, clearly, it’s the fear of punishment from the regulators that is driving this increased investment, not just in infrastructure but also in bringing in the skilled talent firms need and upskilling the staff they already have.
“Cybersecurity is at the top of the agenda for financial services firms today,” Jason Elmer, Managing Director, Compliance and Regulatory Consulting at Duff & Phelps, told GT News. “In the wake of high-profile cyber attacks, many are anticipating clearer and more punitive cybersecurity regulation to be implemented.
“Firms are proactively looking to strengthen cyber defences as a result, and this is an opportunity for regulators to collaborate with financial institutions to form new rules. What’s also clear is that commercial pressures from investors concerned about the security of their sensitive data will accelerate any attempt to improve cybersecurity measures.”
Cybercrime is now big business around the world, and the implications for financial services firms are enormous. The UK government recognised this when it announced a £1.9 billion five-year programme to fight cybercrime last year.
And a survey by the Bank of Japan in October 2017 showed that half of Japanese banks had been targeted since 2015, and 10 per cent had suffered some level of impact.
In the UK, we have seen £2.5 million stolen from Tesco bank accounts, and an assault on HSBC’s online banking system, which disrupted its services in January 2017.
The impact of a cyber attack on a financial organisation could be devastating, and in the wake of those assaults, Bank of England Deputy Governor Sam Woods has said tougher regulation on financial firms is to be expected.
The regulators’ ‘emergency’ response system has been triggered six times in the past 12 months alone, he told the Reuters Financial Regulation Summit.
“We need to ask ourselves, because no IT system is absolutely perfect, what is the degree of outage that is acceptable,” he said.
He expects there to be three levels of ‘tolerance’, the lowest for activities regulated by the Financial Conduct Authority, whose main aim is to protect consumers.
A second layer would be monitored by the Bank of England’s Prudential Regulation Authority, which he heads, and would look at whether the solvency of the firm being hacked remained sufficiently robust.
A third layer would be set by the Bank of England’s Financial Policy Committee, which monitors threats to wider financial stability.
“At the moment nowhere in the world has anyone articulated a view on that stuff, and we are going to attempt to do so,” he said.
Exactly what shape any new regulation takes, we don’t yet know, but financial firms can be sure that cyber attacks will continue. With GDPR just around the corner, regulation will get even tougher – so that extra investment in cybersecurity is looking like money well spent.