'The Financial Sector is one of the Prime Targets of Cyber Attacks'
On April 6th 2016, the International Organization of Securities Commissions (IOSCO) issued its report on Cybersecurity in Securities Markets – An International Perspective. The report provides a review of the different regulatory approaches related to cybersecurity and the potential tools available to regulators to respond to cyber risk.
Throughout its report, IOSCO leans on the National Institute of Standards and Technology (NIST) Framework, repeating the “identify, protect, detect, respond, and recover” mantra across the working group streams. The report also covers cyber-related guidance by regulators from Australia, Canada, France, Hong Kong, India, Malaysia, Mexico, Singapore, the UK and the US, and is a clear summary of current initiatives. Furthermore, it details examples of how regulators around the globe have taken different approaches to handling cybersecurity concerns, ranging from management arrangements to a principles-based approach.
Across the world, governments and financial authorities are taking important steps to mitigate cyber risks in financial markets. Lisa Toth, US Head of Regulation and Risk at Hatstand, comments: “In light of the ever-changing cybersecurity landscape, this new report gives interesting insights into the range of regulatory measures being taken by different countries and how we can all learn from each other's initiatives. As IOSCO highlights, the report indicates that ‘cyber risk is not just another risk but rather it is a unique, highly complex and rapidly evolving phenomenon’. At Hatstand, we couldn't agree more with this and we also support the view that cybersecurity should be treated as an iterative and organic process within an organisation itself; it needs to be something that is viewed as part of the overall enterprise risk management of the business.”
Toth continues, “There is, however, not a one-size-fits-all solution to cybersecurity, and a tailored approach will enable each firm to fit a framework to both its risk appetite and budget on a strategic and tactical basis. With cybersecurity directly affecting clients’ data, networks, hardware, software, and operations, organisations cannot afford to not have sound governance practices in place in order to protect them from theft, business disruption, and destruction.”
In a previous blog article authored by Toth, it is deemed critical that organisations assess and identify possible risks, determine the likelihood of such events occurring and prepare responses accordingly. Doing so helps organisations determine their risk tolerance and prioritise cybersecurity counter-measures.
“By implementing the right tools and working with the right strategic partner a business can perform a risk assessment and deliver clarity, not only to the regulators, but also to the key stakeholders of its key assets, concerning current status, and gaps in its controls and processes. A baseline assessment can then be used to evolve a working plan to mitigate the gaps and demonstrate to the regulators and stakeholders that the firm is taking its cyber risk management responsibilities extremely seriously.”
Access the full report of IOSCO's 'Cyber Security in Securities Markets – An International Perspective' to discover more about the different cybersecurity approaches being taken on a global and regional level.