Sibos 2019: Cultural barriers need to fall to make cybersecurity more transparent
“It’s critical not to let the bad guys win [the cybersecurity race] by letting them take advantage of our fragmented regulatory landscape,” says Norton Rose Fulbright’s head of technology and innovation Stella Cramer at Sibos London.
The fragmentation comes from different countries’ approaches. Whilst Singapore, where Cramer is from, is more prescriptive, the UK is more principles focused because of the Financial Conduct Authority’s (FCA) involvement.
“It’s really hard to accumulate data on cybersecurity breaches because lots of incidents aren’t public,” says Cramer, who admits this is down to a “cultural barrier” in banking when it comes to data sharing.
Cramer, who is also FinTech Southeast Asia’s head, ranks firms in order of vulnerability to cybersecurity threats, starting with retail banks, then moving to the increasing risks to central banks, and finishing with the emerging dangers creeping up on fintechs who rely entirely on technology to function.
In a US International Monetary Fund (IMF) report based heavily on media reports to get a better indication of private as well as public breeches, the data extrapolated revealed 75% of banks do have information-sharing arrangements with regulators, but only 32% of regulators send information back to banks about potential threats and what to look out for.
This is why Cramer puts the onus on banks to anticipate risk, telling them to go “further than International Organisation for Standardisation (ISO) requirements”.
One tip Cramer suggests to organisations which find banking secrecy barriers impenetrable is to anyonymise as much data as they can, but ultimately her message is one of breaking barriers down so more organisations feel they can admit and share their vulnerabilities.