Fintech, cyber risk & solutions

We argue a multi-pronged but coordinated approach should be adopted - one focused on security, vigilance and resilience, supported by robust governance and guided by a clear strategy. This will best position financial institutions to be cyber strong and to stay ahead of regulatory expectations. 

" A multi-pronged but coordinated approach should be adopted." Kevin Nixon & James Nunn-Price

Targeted in APAC

This is hardly surprising: the financial system relies on confidentiality of data, protection of deposits, and provision of critical services. The threat, given the frequency of cyber-attacks recently, is clear and present.

Because financial institutions are becoming data-driven digital businesses as more financial services are delivered online cyber risk increases. Given the financial system is extensively interconnected and increasing ICT interdependence across borders if cyber risks and responses are not well managed the impact of a cyber event can quickly spread.

That then drives regulators to consider appropriate standards and supervisory tools and actively urge firms to enhance their capabilities to address these emerging threats

But it’s not just meeting regulatory demands which makes managing cyber risk important - robust security and risk management is essential for maintaining trust and enhancing a competitive edge to retain customers.

Views from regulators 

{CF_IMAGE}

Varied approach

Although cyber threats cut across borders, regulatory approaches to cyber risk in Asia Pacific are varied and localised, with no significant steps yet taken towards harmonised standards across the region.

Many financial institutions struggle to understand the regulatory differences at a country level or are aware of emerging threats so as to design coherent and robust cyber risk programs across jurisdictions.

Another challenge for firms is the shortage of IT security specialists and cyber professionals, making it difficult to stay up to date with the pace of change in the cyber landscape.

There can also be a lack of management recognition or understanding of the importance of cyber security, which may mean a failure to adopt a coordinated approach across functions.

While different countries face different challenges, there are broad regulatory themes and approached common across the region underlying the clutter of difference laws, rules and standards.

Framework

{CF_IMAGE}

Cyber-attacks are inevitable. Regulators and organisations must accept this and turn their attention to building enterprise-wide programs to ensure they can adapt quickly and effectively to the constantly changing landscape. The ability to recover fast is critical.

Beyond individual action, it is important for industry, regulators and governments to work together to further enhance cyber skills and expertise, to develop common standards and approaches, and to support information sharing.

Coordinated responses to incidents and attacks, drawing on group knowledge and experience, is a key element to maintaining cyber resilience within the system as a whole and among its many participants.

{CF_IMAGE}

Kevin Nixon & James Nunn-Price are partners, risk advisory at Deloitte