Cyber Resilience is a highly revered tactical approach adopted across the modern Cloud and SaaS-driven products and services industry. In the financial services industry, cyber resilience allows the company to predict / forecast, analyze and prepare against any cyber threats that could affect its operations. In its latest report on cyber resilience, The Financial Stability Board (FSB) has highlighted the existing approaches to cyber incident reporting and next steps for broader convergence.
Recently, the FSB had announced fresh updates on the means to enhance cyber resilience in non-bank financial intermediation and address challenges in cross-border payments. Digital payments and cross-border online transactions systems are among the worst-hit fintech categories that are “frequently” impacted by sophisticated cyber attacks in recent months.
Top Digital Fintech News: HSB Acquires Zeguro’s Cybersecurity Digital Platform for Small Businesses
What is Cyber Resilience and Why You Should Focus on This Approach
Cyber incidents have grown in numbers and magnitude of their impact on the global economy. No business is untouched by the ill effects of cyber security threats and data leak incidents. Perpetrators carry out cyberattacks with an intent to viciously paralyze existing data management practices, and permanently damage the company’s reputation. Cyber resilience, to a large extent, can prevent companies from getting sucked into the unforeseen vortex.
What is Cyber resilience?
We have many online definitions for cyber resilience. However, this definition supposedly provides the most complete picture of modern-day benchmarks in cyber incident reporting and how organizations can work with security agencies to prevent incidents.
The definition states:
“Cyber resilience is the ability of an organization to enable business acceleration (enterprise resiliency) by preparing for, responding to, and recovering from cyber threats. A cyber-resilient organization can adapt to known and unknown crises, threats, adversities, and challenges.”
What the FSB Found in its Report
Cyber incidents remain a threat to the financial system and are rapidly growing in frequency and sophistication. In light of increasing financial stability concerns, especially given the digitalization of financial services and increased use of third-party service providers, the FSB explored whether harmonization in cyber incident reporting could be achieved.
The FSB found that fragmentation exists across sectors and jurisdictions in the scope of what should be reported for a cyber incident; methodologies to measure severity and impact of an incident; timeframes for reporting cyber incidents; and how cyber incident information is used. This fragmentation could undermine a financial institution’s response and recovery actions, and underscores a need to address constraints in information-sharing among financial authorities and financial institutions.
Fintech Insights:Â Future Of Payment: Top 10 Payment Trends Of Future
The report notes that greater harmonization of regulatory reporting of cyber incidents would promote financial stability by:
(i) building a common understanding, and the monitoring, of cyber incidents affecting financial institutions and the financial system,
(ii) supporting effective supervision of cyber risks at financial institutions; and
(iii) facilitating the coordination and sharing of information amongst authorities across sectors and jurisdictions.
Recommendations from FSB
The FSB has identified three ways that it will take work forward to achieve greater convergence in cyber incident reporting:
- Develop best practices. Identify a minimum set of information related to cyber incidents that financial authorities may require to promote financial stability.
- Identify common types of information to be shared. This would help authorities better understand impacts of a cyber incident across sectors and jurisdictions, and to understand any legal and operational impediments to share such information.
- Create common terminologies for cyber incident reporting. Further work on cyber incidents will be underpinned by a common language, including a common definition for ‘cyber incident’.
By the end-2021, the FSB will develop a detailed plan for taking this work forward.
[To share your insights with us, please write to sghosh@martechseries.com]
