Cybersecurity
As companies around the world focus on how to best make use of new technology to enhance their business and training programmes, EBTN members aim to learn from and guide each other through this transition. Here we consider some of the latest opportunities, innovation and challenges brought about by digital transformation in the banking and finance sector.
From the policy-making perspective, and in particular looking at the Digital Operational Resilience Act, the overall ambition remains to embrace digital finance for the benefit of consumers and businesses, with the aim of building a Europe fit for the digital age.
Great consideration is also given to the current and emerging threats to security: “In the digital age, information and communication technology (ICT) supports complex systems used for everyday activities. It keeps our economies running in key sectors, including the financial sector, and enhances the functioning of the internal market. Increased digitalisation and interconnectedness also amplify ICT risk, making society as a whole, and the financial system in particular, more vulnerable to cyber threats or ICT disruptions.”[1]
According to the European Banking Federation, changing business patterns, operators and risks raise questions on the suitability of the regulatory framework, for example:
- Is it the entity or the activity regulated?
- Do we need a mix?
- Do we need to make a distinction between the players?
- How to ensure cyber resilience for the interconnected actors?
This comes in addition to “traditional” regulation on consumer protection, prudential regulation, and financial stability. The cyber threat landscape is constantly evolving, from ransomware, DDoS and phishing/smishing/vishing attacks to more advanced, persistent attacks, which brings about the need for individual institutions to assess their cybersecurity practices and policies to ensure their resilience.
With company staff acting as “the human firewall”, it is vital that employees are effectively trained to manage security in their day-to-day work. This might entail, for example, being alert to unusual requests and tempting offers.
It is also vital, however, that employees fully comprehend their role in strengthening the security system of the entire organisation, and perhaps even how this extends beyond the boundaries of their own company, to the broader call for combatting cyber-attacks within the sector: “Member States have come to agree on the need to increase cooperation and make joint efforts to develop a common approach meant to strengthen the European cyberspace.” Juhan Lepassaar, Executive Director, European Union Agency for Cybersecurity
Strategic reflections
- It is important to review and also to question the regulation and policy landscape in order to better understand how new technologies are being rolled out and monitored in different regions globally, and how some of the associated risks, especially around data protection and cybersecurity, are being mitigated.
- Collective and systemic approaches to solving issues around cybersecurity and resilience are increasingly required to combat new and evolving security challenges in the sector.
- As a global network, EBTN has a role to play in sharing best practice and continuing to collaborate with policy-oriented organisations like the European Banking Federation to keep its members informed of the latest developments
[1] Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance), http://data.europa.eu/eli/reg/2022/2554/oj