Following the implementation of stricter European data protection regulations earlier this year, cybersecurity is at the top of the agenda for most businesses providing services, particularly in the context of protecting customer data. Under the General Data Protection Regulation (GDPR), organisations that suffer a data breach could now face fines of up to €20 million or four per cent of their annual global turnover, whichever is higher. There is also a heightened threat to all businesses from the reputational damage data breaches may cause, as we have seen with the example of BA. As such, more businesses are looking to bolster their defences to remain compliant and avoid unnecessary fines and crippling damage to their reputation.
Thus, it should come as no surprise that regulators globally have already been focusing on the importance of strong cyber defences. For example, in addition to GDPR, in the UK, the Financial Conduct Authority (FCA) has listed cybersecurity as a crucial part of its regulatory compliance agenda and provides specific guidelines for organisations on the disclosure of incidents. Similarly, the Monetary Authority of Singapore (MAS) has placed cybersecurity as a priority since establishing an international advisory panel. The board includes its first chief cybersecurity officer in efforts to drive regulatory standards of compliance for the financial services market.
With cybersecurity at the forefront of the agenda of the financial markets regulators, many companies are asking if they can sleep easy at night as the adoption of cloud-based infrastructure grows rapidly to enable business growth. Are these moves from regulatory authorities impacting the pace of technological advancements in the industry and hindering business?
The increased emphasis on cybersecurity from financial services regulators is primarily driven by concerns around the continued health of the global financial markets. Regulatory intervention on such matters is often initially perceived as “additional burden,” “over-regulation,” or an “unwelcome distraction” from generating revenue. However, since many parts of the financial services market fail to drive change in how they manage systemic risks without regulatory intervention, such top-level intervention should be welcomed. Indeed, the whole ecosystem will be better protected and market participants can have the chance to collaborate on how the industry mitigates risk as a whole.
The need for a cultural shift
A cultural shift is required, however, when it comes to issue management in financial services. Organisations should encourage a movement away from brushing issues under the carpet and towards a culture of proactive disclosure and day-to-day issue management.
As cyber threats advance, financial firms need to see this as an opportunity to develop processes and protections, regardless of legislation or pressure from regulators. With consumers holding organisations to a higher standard than ever before, firms are under growing pressure to stay ahead of the curve and be transparent, making appropriate adjustments early enough to protect their business and, ultimately, their customers. In fact, making changes in advance of regulators could earn the trust of new customers by showing stability, forward-thinking and corporate social responsibility.
To be proactive in applying best industry practices across the market, organisations should focus on managing an effective transition to cloud technology. Indeed, it would be wise for financial market participants to assess the following questions about their organisations: