A committee of central bankers are working with the Bank for International Settlement (BIS) to explore ways of tackling the threat cybersecurity poses for the financial services industry – in the first initiative designed to set a global common standard.
With cyber attacks against financial services firms continuing to escalate, the need to standardise best practice across the industry has becoming a pressing issue for many.
According to a PWC report, in 2015, 38% more security incidents were detected than the previous year, while theft of hard intellectual property increased 56% in 2015.
As the volume and severity of security breaches increases, regulatory organisations and governments are also voicing concern. The FCA recently reported a huge spike in the number of reported incidents, from just five in 2014 to 75 in 2015. While these numbers are likely to only touch the tip of the iceberg when compared to those attacks that go unreported – the statistics still present a worrying trend.
New York Gov. Andrew Cuomo has also proposed cyber security regulations for banks, which would increase the onus on technology departments to invest in cyber protections. The prospect of mandated investment in cyber security comes at a difficult time for the banks, as they grapple with compliance issues and growth in competition from non-bank firms.
Yet, many institutions are already taking proactive measures. A 24% rise in security budgets split across a number of initiatives designed to mitigate the risk of cybersecurity breaches, such as employee awareness programmes and enhanced monitoring tools, appears to be paying dividends. PWC noted a 5% decline in financial losses associated with cyber attacks in a year-on-year comparison.
However, the absence of a common standard has led to discrepancies in the ability for some financial institutions to handle online attacks, something that has become particularly apparent in developing economies across Asia.
With up to 90% of Asia-Pacific companies targeted by cyber-attacks this year, a 76% rise from the year before, many firms are playing a high price for breaches online. $81.3bn out of a global total of $315bn was lost to cyber-attacks in the region exceeding those in North America and the EU by about $20bn.
Yet, the consequences of a security breach are also reputational. With many financial services firms acting as custodian for sensitive information – the need to stop data from entering the wrong hands is a critical issue.
But there is now growing recognition that a proactive, cross border response is required. Recent attacks affecting Bangladesh, the Philippines, Taiwan, Thailand, Vietnam, and Japan, have prompted officials to gather in Singapore next month to discuss how these economies can mitigate the impact of cyberattacks.
Already this year, Japan has made proactive moves to introduce reforms that will allow the country’s banks to invest directly in technology to defend against cyber-attacks.
While national programmes designed to increase cybersecurity is certainly a step in the right direction, the need for a common global standard should not be underestimated.
Much like the global Code of Conduct for the foreign exchange market, also spearheaded by the BIS, a solution must be universal in its application to instigate comprehensive, rather than siloed progress.