Tag: CyAN

Cybersecurity Year in Review 2023: Key Events, Learnings, and Takeaways

As 2023 comes to a close, it’s essential to look back at the major cybersecurity events of the year and extract crucial learnings and takeaways. This year has been marked by significant incidents that have reshaped our understanding of digital security, privacy, and cyber resilience. 

Striking a Balance between Values and Laws, Innovation and Regulation – Artificial Intelligence

The blog “The Tale of Two Approaches to Artificial Intelligence – EU AI Act & U.S. Executive Order on Safe, Secure, and Trustworthy AI” was a balanced look at the similarities and differences in approaches to AI. The divergence of approach is a manifestation of 

Resilience Building Regulations and the Financial Sector

The financial sector handles sensitive data and transactions that affect our economy and society. It is a critical sector and is vulnerable to cyberattacks. The SolarWinds, Colonial Pipeline, and Kaseya attacks, to name a few, have exposed the weaknesses and gaps in our cybersecurity practices and regulations.

To address these challenges and enhance the digital resilience of the financial sector, the EU and the U.S. have introduced or updated cybersecurity regulations geared to harmonize and strengthen the cybersecurity requirements and standards for financial entities and their third-party service providers.

In the EU, the Digital Operational Resilience Act (DORA), which entered into force in January 2023 and will apply from January 2025, establishes a framework for the management of ICT risks. DORA introduced principles and requirements for ICT risk management, ICT third-party risk management, digital operational resilience testing, ICT-related incident reporting, information sharing, and oversight of critical third-party providers.

In the U.S., the New York State Department of Financial Services (NYDFS) in November 2023 amended the regulations it enacted in 2017, which established cybersecurity requirements for financial services companies designed to promote the protection of customer information and the information technology systems of regulated entities, and to address the growing threats posed by cyberattacks.

This November 2023 NYDFS Part 500 regulation applies to all financial services companies that operate under, or are required to operate under, a license, registration, charter, certificate, permit, accreditation, or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law of New York. This includes, but is not limited to, banks, credit unions, insurers, money transmitters, mortgage brokers, and virtual currency businesses. The regulation also applies to any affiliates of such entities that have access to Non-Public Information or information systems of the regulated entity. The amended Part 500 has significant implications for financial sector companies in the U.S. and outside the U.S., as it sets a high bar for cybersecurity standards and expectations. It may also influence other regulators and jurisdictions to adopt similar or more stringent requirements, as cybersecurity is a cross-border issue that affects the stability and integrity of the financial system.

Both DORA and Part 500 share common objectives and elements, such as ensuring the protection of customer information and the information systems of financial entities, promoting a risk-based and proportionate approach to cybersecurity, and fostering a culture of cybersecurity awareness and accountability among senior management and board members. Application scope, prescriptiveness and level of detail, enforcement mechanisms, and transitional periods differ. Financial sector companies that operate in both the U.S. and the EU should be aware of the similarities and differences between the two regulations and take the necessary actions to comply with both of them.

One of the key drivers and motivations for the development and update of these regulations is the rise of cyber threats and cybercrime that target the financial sector and pose significant financial, operational, reputational, and legal risks for financial entities and their clients. Recent cyberattacks have confirmed the need and urgency for the financial sector to improve its cybersecurity posture and resilience and to comply with relevant cybersecurity regulations and standards. DORA and NYDFS Part 500 are only two examples of such regulations that aim to provide a comprehensive and consistent framework for the financial sector to manage its cybersecurity risks and challenges, and to protect its clients and the financial system from cyber threats and incidents. These regulations also reflect the evolving and dynamic nature of the cybersecurity landscape and the regulatory environment, and the need for the financial sector to keep pace with the changes in order to bounce back from an attack.

Are we seeing a new wave of financial sector cybersecurity resilience building regulations? The short answer is yes.  

The Tale of Two Approaches to Artificial Intelligence – EU AI Act & U.S. Executive Order on Safe, Secure, and Trustworthy AI

Artificial Intelligence (AI) is one of the most powerful and transformative technologies of our time, and it also poses significant challenges and risks for safety, security, human rights, and democracy. How can governments regulate AI to protect the public interest and values while fostering trust 

SolarWinds of Change – How the SEC Ruling Affects the Future of InfoSec Officers

Cybersecurity is more than a technical issue, as it has legal and financial implications for companies and investors. The recent U.S. Securities and Exchange Commission (SEC) charges levied against SolarWinds Corporation and its chief information security officer illustrate the serious consequences of failing to disclose 

Navigating the 2023 Cyber Landscape: A Comprehensive Guide for the C-Suite

As we delve into the intricacies of Cybersecurity Awareness Month this year, the intricate dance between evolving digital landscapes and complex cybersecurity challenges becomes ever more apparent. For every organization, especially those at the CISO, C-suite, and boardroom levels, the magnifying lens on cybersecurity has never been more potent. In the wake of sophisticated threats and complex compliance landscapes unfolding in 2023, there are three primary concerns that mandate immediate and strategic attention.

1. Advanced and Evolving Threats

The first echo of concern resonates with the dynamic and continuously evolving threat landscape. AI-powered attacks, quantum computing, and enhanced phishing strategies are not prospects of the future – they are the pressing realities of today. Ransomware has metamorphosed into multifaceted attacks, leveraging AI to exploit vulnerabilities with unprecedented precision.

Leadership’s role in mitigating these risks involves a nuanced understanding of these advancements. Strategic investments in AI defence mechanisms, employee training, and adaptive security protocols are essential. Leaders must foster a culture of continuous learning and adaptation to counterbalance the evolving threats effectively.

2. Complex Regulatory Landscapes

2023 has ushered in a new wave of regulatory complexities. Data privacy and protection laws have expanded and morphed, responding to the ongoing explosion of data generation and sharing. GDPR, CCPA, and emerging global regulations are setting stringent standards, and non-compliance is no longer an option.

It is incumbent upon organizational leadership to meticulously understand these evolving standards. Effective governance, risk management, and compliance frameworks should be intricately woven into the corporate strategy, ensuring seamless adaptation and alignment with legal and ethical standards.

3. Brand Integrity and Trust Capital

In the interconnected digital ecosystem of 2023, brand integrity is intricately tied to cybersecurity. The contemporary customer is informed, vigilant, and values privacy and security. A single breach can trigger a domino effect, with reputational damage, loss of customer trust, and substantial financial losses trailing behind.

The C-suite’s role in safeguarding organizational reputation is paramount. Promoting a culture where every employee is a sentinel of the company’s integrity, armed with the knowledge and tools to mitigate risks, is not a choice but a necessity.

Integrating Cybersecurity into Organisational DNA

As the curtains rise on the complexities of 2023, integrating cybersecurity into the organizational DNA is an imperative. It extends beyond technological defences, encompassing an informed leadership, a vigilant workforce, and an adaptive organizational culture.

Cybersecurity Awareness Month is a poignant reminder of the collective responsibility to elevate security protocols, enhance awareness, and fortify defences. In the face of 2023’s complexities, a proactive, informed, and adaptive approach to cybersecurity is the linchpin to not only survive but thrive in the intricate digital tapestry of the modern business landscape.

The journey ahead calls for unity, vigilance, and strategic foresight. Each stakeholder, from the boardroom to the operational levels, is a custodian of the organization’s integrity, resilience, and security in the face of evolving threats and opportunities. Every action, decision, and strategy sculpted today will echo in the cybersecurity narrative of tomorrow.

Regulatory Compliance: Sidestepping Penalties through Robust Cybersecurity

In our ongoing series, “Cybersecurity: The Unsung Hero of Revenue Protection,” we’ve explored how cybersecurity acts as a strategic business asset, protects revenue, builds customer trust, and enhances operational efficiency. In this final instalment, we turn our attention to the role of cybersecurity in ensuring 

Streamlining Operations: The Efficiency Gains from Cybersecurity

In the previous parts of our series, “Cybersecurity: The Unsung Hero of Revenue Protection,” we’ve looked at cybersecurity as a strategic business asset, the financial implications of cyber threats, and its crucial role in fostering customer trust. This fourth instalment examines another crucial aspect of 

From Data Protection to Trust Elevation: The Role of Cybersecurity

In the initial instalments of our series “Cybersecurity: The Unsung Hero of Revenue Protection,” we highlighted the pivotal role cybersecurity plays as a strategic business asset and underscored the significant financial implications of cyber threats. This third part brings into focus a crucial factor in today’s interconnected world—customer trust.

As our global society continues to become more digitally intertwined, the importance of customer trust in business cannot be overstated. In this scenario, cybersecurity goes beyond its traditional role of safeguarding information—it becomes an essential element in fostering trust and enhancing customer loyalty.

Cybersecurity: A Pillar of Customer Trust and Loyalty

In today’s information-driven economy, customers share vast amounts of personal and financial information with businesses. They rightfully expect their data to be safeguarded with the highest security standards. Companies demonstrating a strong commitment to cybersecurity can significantly boost customer trust, thereby enhancing loyalty.

Robust cybersecurity measures can also help mitigate the risk of damaging data breaches that could tarnish a company’s reputation and erode trust. Thus, by effectively managing these risks, businesses can maintain and even enhance their customers’ trust.

Boosting Revenue by Enhancing Customer Trust

Trust is more than just an emotional bond; it significantly impacts a company’s financial health. A trusted company often experiences higher customer retention rates. Given that attracting new customers is more expensive than retaining existing ones, trust can lead to considerable cost savings.

Moreover, trusted companies enjoy the benefits of word-of-mouth referrals, leading to new customer acquisition. Plus, customers of trusted companies tend to be more engaged, resulting in higher customer lifetime values.

Therefore, investment in cybersecurity transcends the realm of operational expense—it is an investment in trust building, customer loyalty enhancement, and ultimately, revenue growth.

Case Study: Leveraging Trust for Revenue Growth

A leading financial technology firm offers a compelling example of how investment in robust cybersecurity can enhance customer trust and subsequently, boost revenues.

This company, understanding the value of trust in their sector, prioritised cybersecurity. They implemented rigorous data protection measures and communicated their security protocols transparently to their customers.

Their commitment to cybersecurity wasn’t just a defensive strategy—it became a unique selling proposition. They leveraged their security stance as a competitive differentiator in the crowded fintech market.

This strategic use of cybersecurity had remarkable results. The company’s dedication to data protection fostered increased trust and loyalty among their customer base. This led to higher customer retention rates and new customer acquisitions via referrals. Consequently, the company experienced substantial revenue growth, proving that their cybersecurity investment was a strategic business move.

In conclusion, in our interconnected, information-rich world, trust has become an invaluable asset for businesses. Companies that recognise this and invest in cybersecurity to protect customer data can enhance trust, boost customer loyalty, and drive revenue growth.

Stay tuned for the next instalment in our series, where we will discuss how cybersecurity fuels digital transformation and innovation.

New Secure-in-Mind Episodes

We have published a number of new videos/podcasts in our Secure-in-Mind series, featuring a wide range of distinguished and exciting guests. Whether you’re interested in fraud/cybercrime, education, incident response, policy, diversity, cyber risk insurance – the CyAN Secure-in-Mind channel is a great place for informed