-
The increasing inevitability of cyberattacks and data breaches in today’s digital economy is causing regulators in Asia-Pacific to worry about the risk to financial services of a systemic cyber event.
These events pose a major threat in terms of service, confidence and capacity to keep the wheels of commerce in operation, so regulators are moving rapidly to strengthen their regulatory and supervisory capabilities.
According to Deloitte's Cyber regulation in Asia Pacific report, cyber-attacks globally and within Asia Pacific have increased in frequency and sophistication, with the cost of cybercrime estimated around $US575 billion a year. Financial services organisations are a key target.
We argue a multi-pronged but coordinated approach should be adopted - one focused on security, vigilance and resilience, supported by robust governance and guided by a clear strategy. This will best position financial institutions to be cyber strong and to stay ahead of regulatory expectations.
" A multi-pronged but coordinated approach should be adopted." Kevin Nixon & James Nunn-Price
Targeted in APAC
This is hardly surprising: the financial system relies on confidentiality of data, protection of deposits, and provision of critical services. The threat, given the frequency of cyber-attacks recently, is clear and present.
Because financial institutions are becoming data-driven digital businesses as more financial services are delivered online cyber risk increases. Given the financial system is extensively interconnected and increasing ICT interdependence across borders if cyber risks and responses are not well managed the impact of a cyber event can quickly spread.
That then drives regulators to consider appropriate standards and supervisory tools and actively urge firms to enhance their capabilities to address these emerging threats
But it’s not just meeting regulatory demands which makes managing cyber risk important - robust security and risk management is essential for maintaining trust and enhancing a competitive edge to retain customers.
Views from regulators
{CF_IMAGE}
Varied approach
Although cyber threats cut across borders, regulatory approaches to cyber risk in Asia Pacific are varied and localised, with no significant steps yet taken towards harmonised standards across the region.
Many financial institutions struggle to understand the regulatory differences at a country level or are aware of emerging threats so as to design coherent and robust cyber risk programs across jurisdictions.
Another challenge for firms is the shortage of IT security specialists and cyber professionals, making it difficult to stay up to date with the pace of change in the cyber landscape.
There can also be a lack of management recognition or understanding of the importance of cyber security, which may mean a failure to adopt a coordinated approach across functions.
While different countries face different challenges, there are broad regulatory themes and approached common across the region underlying the clutter of difference laws, rules and standards.
Framework
{CF_IMAGE}
Cyber-attacks are inevitable. Regulators and organisations must accept this and turn their attention to building enterprise-wide programs to ensure they can adapt quickly and effectively to the constantly changing landscape. The ability to recover fast is critical.
Beyond individual action, it is important for industry, regulators and governments to work together to further enhance cyber skills and expertise, to develop common standards and approaches, and to support information sharing.
Coordinated responses to incidents and attacks, drawing on group knowledge and experience, is a key element to maintaining cyber resilience within the system as a whole and among its many participants.
{CF_IMAGE}
Kevin Nixon & James Nunn-Price are partners, risk advisory at Deloitte
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
-
-
-
anzcomau:Bluenotes/Fintech,anzcomau:Bluenotes/business-finance
Fintech, cyber risk & solutions
2017-08-29
/content/dam/anzcomau/bluenotes/images/articles/2017/August/Deloitte-cyber1.png
EDITOR'S PICKS
-
New system supports easy-to-remember ID to safely direct or receive payments.
2017-07-28 10:50 -
Banking is essential to a modern economy but banks are not. Can FANGs fill the role?
2017-06-14 17:14 -
We speak to AUSTRAC CEO Paul Jevtovic on the relationship between regulators and the private industry.
2017-05-18 10:49