By Lisa Toth, US Head of Risk, Compliance and Regulation at Hatstand
Cybersecurity is a key concern for senior political leaders, regulators and industry professionals. However, keeping business and client data secure is a challenge as that data crosses global networks, computing devices and PDAs.
Many industry experts predict that it is not a matter of IF, but WHEN, a firm will experience a cybersecurity breach. It was reported that the number of cybersecurity attacks recorded in 2014 was over 50% higher than the number recorded in 2013.
Given this level of threat, the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) have made cybersecurity preparedness a top priority for their 2015 member firm examinations. The Commodity Futures Trading Commission (CFTC) is also weighing in, as indicated by the recent remarks of its Chairman, Timothy Massad, that “Cybersecurity is the most important single issue facing our markets today in terms of market integrity and financial stability.”
More countries are taking the initiative to educate their citizens online and are creating policies and guidelines for firms and individuals to raise awareness of such crimes. In Europe, the EU is putting together a Cybersecurity Directive that is intended to apply to all business sectors. Although some of the EU regulations recently passed or currently under consultation contain cybersecurity elements, none has been aimed specifically at the financial services industry.
Because cybersecurity directly affects clients, data, networks, hardware, software and operations, and is about protecting them from theft, business disruption and destruction, specialist financial technology company Hatstand has prepared a white paper evaluating why businesses need sound governance practices in place and must recognize that cybersecurity is more than just an IT issue. It also examines why the threat of a cyber attack should be treated as part of the firm’s overall enterprise risk management, with Board oversight and a proper risk framework covering identification, protection, detection, response and recovery. Firms should be identifying their possible risks, assessing the likelihood of each event occurring and preparing their response(s). Armed with this information, they can then determine their risk tolerance and prioritise their cybersecurity counter-measures. This is an iterative process that needs to be continuously reviewed and updated, as the environment is constantly changing.
Regulators around the globe are increasing their focus on the cybersecurity readiness of the firms they regulate, and want to see it demonstrated through a risk assessment. Hatstand’s white paper looks at how implementing the right tools and working with the right strategic partner can help a business perform a risk assessment and deliver clarity, not only to the regulators but also to the key stakeholders of its key assets, about its current status and the gaps in its controls and processes. A baseline assessment can then be used to develop a working plan to close those gaps and to demonstrate to regulators and stakeholders that the firm is taking its cyber risk management responsibilities extremely seriously.
To download a full copy of Hatstand’s white paper, see: Demonstrating cybersecurity readiness to regulators through risk assessments