Financial services firms urged to step up cyberattack defences
Banks and insurers are failing to understand and appreciate cybersecurity risks, Central Bank deputy governor Ed Sibley has warned.
Speaking at an event in Dublin yesterday, Mr Sibley said a change in mindset is needed - that data must be seen as a valuable asset and money invested in protecting it.
"We have seen evidence of risks and messages being diluted as they are filtered up through the organisation such that they are so high-level once they get to senior levels that they lose their meaning or impact," Mr Sibley said.
The Central Bank has an IT inspection team designed to measure cyber risk. Firms can face sanctions, including the revocation of their Central Bank authorisation. Appian Asset Management was fined earlier this year after a cyberfraud caused client funds to be lost.
"Cybersecurity needs to become part of the culture of an organisation and an integral part of the organisation's risk management, crisis management, and business continuity planning," Mr Sibley said.
"Senior management and boards of financial services firms need to own these critical risks and build resilience in their firms to be able to endure and survive operational or technology-related shocks, be they systems failures, change processes gone wrong, or a data breach."
Separately, KPMG expects Britain to ignore calls to loosen banking rules after Brexit and said in a report yesterday that the country may even become tougher with measures to protect consumers and defend its financial stability from cyberattacks. Britain's regulators are facing pressure in some quarters to cut bankers some slack to help London remain a top global financial sector and major export earner after it leaves the EU in March 2019.
But the Government has said it will need to be able to impose standards that are higher than the global average to ensure financial stability.
Financial services minister John Glen told the 'Financial Times' this week that Britain would "do whatever it takes" to maintain its status as a global financial hub.
Consultants KPMG said that Britain's long history of "super equivalence", the practice of going beyond EU and international rules, is likely to continue.
"I see no sign that the UK regulators' tendency to lead the debate on risk and conduct issues will abate, so regulation may become more demanding, not less," Julie Patterson of KPMG's Regulatory Insight Centre said.
Charles Randell, chairman of Britain's Financial Conduct Authority, said on Tuesday that it does not see Brexit as an opportunity to join a race to the bottom. KPMG said UK regulators were already becoming more hardline on issues like operational resilience at banks.
This week the FCA fined Tesco Bank £16.4m (€18.5m) for failing to head off a "foreseeable" cyberattack.
Britain is also going ahead with rolling out senior manager accountability rules at banks to the wider financial sector next year, even though the EU has no equivalent regulation.
Additional reporting Reuters