Hatstand aims cyber-security service at capital markets
Global capital markets specialist, Hatstand, has launched a cyber-security risk assessment service that will enable businesses to better understand the current state of their preparedness against the risk of cyber-attacks and identify any shortfalls in their existing governance programmes.
In light of the increasing volume of cybersecurity threats and breaches, both the Securities and Exchange Commission and the Financial Industry Regulatory Authority have made cyber-security preparedness a top priority for their 2015 member firm examinations. This is reinforced by research conducted at this year’s FICO Asia Pacific CRO Forum, which showed that 64% of the region’s 34 senior bank executives claim that they feel unprepared for cyber-attacks.
Lisa Toth, US head of risk, compliance and regulation at Hatstand, said, “Cyber-security really should be treated as an iterative and organic process and it must be acknowledged that every business, irrespective of size, is susceptible to cyber-attacks. There is not a one-size-fits-all solution to cybersecurity and a tailored approach will enable each firm to fit the framework to both their risk appetite and budget on a strategic and tactical basis.”
Hatstand’s tools pull data from the National Institute of Standards and Technology Cybersecurity Framework, the SEC/FINRA cybersecurity examination and the recently published Federal Financial Institutions Examination Council Cyber Security Assessment Tool.
Hatstand’s risk assessment model takes a proactive approach to cyber risk management. Through a process of interviews and self-assessments, it creates a comprehensive picture of an organisation’s current and desired state of governance.
The findings are used to create a report highlighting heat maps of key controls and gaps, aligned with internal key performance indicators.
“With cybersecurity directly affecting clients’ data, networks, hardware, software, and operations, it is crucial that organisations have sound governance practices in place in order to protect them from theft, business disruption and destruction,” said Toth. “Cyber-security is more than just an IT-related issue; it needs to be something that is viewed as part of the overall enterprise risk management of the business.”