In a follow up to our recent Cybersecurity webcast with Dr Jacqui Taylor and CUBE’s regulatory change expert David Noble, we round up their thoughts on how cybersecurity regulation changes can be managed with technology.
Cybercrime is a growing issue, potentially exposing financial institutions to financial and reputational losses. Robust regulation and legislation is in place to safeguard customers against known risks, and emerging threats are tackled with frequent changes to legislation and regulation. This means that the costs associated with staying abreast of, and managing, these regulatory changes are continually escalating, especially for organizations that operate across multiple jurisdictions.
Cybercrime at glance
- Between November 2017 – April 2019, there were 3.5 billion attacks involving previously breached data.
- The financial services sector was victim to 50% of all worldwide phishing attacks.
- In the US alone, 260 million records have been hacked since 2016.
- It is estimated to cost businesses around $38 billion.1
The above stats highlight how cybercrime can have catastrophic effects – ranging from loss of trust and reputational damage through to financial losses linked to fraud, litigation costs, loss of revenue and regulatory enforcement fines.
Not just the traditional players at risk
Legacy systems, which often lack resilience and can be vulnerable to increasingly sophisticated cyber criminals, heighten the risk for established financial services institutions. And the new breed of digital-only financial services firms can also be susceptible to cybercrime, due to their dependency on innovative and emerging technology and their reliance on third-party technology providers.
Staying on top of regulation changes
Continuously tracking all cybersecurity stipulations, understanding how they impact a business, and putting robust policies and controls in place is a vital process when trying to remain compliant with regulatory obligations. While most businesses will have this process in place, its efficiency and effectiveness can be poor due to a reliance on manual research using disparate data sources. Leading to the monitoring of the continually changing cybersecurity regulation to become a costly and time-consuming challenge for any regulated financial institutions (RFI).
That’s why it’s not surprising that, according to the Financial Services Sector Co-ordinating Council2, Chief Information Security Officers (CISO) can end up spending up to 40% of their time managing cybersecurity compliance requirements, rather than focusing on ways to protect their business.
How to successfully manage regulatory obligations
At CUBE, we are seeing more and more RFI needing help to manage their regulatory change management processes in a faster, smarter and more cost-efficient way. Essentially, customers need to make sure the right information is getting to the right people in a timely and effective manner. So, how can CISOs free up the time they spend managing cybersecurity compliance requirements?
CISOs can accomplish this by ensuring that their organization has a robust, automated means of keeping their business informed about regulatory changes; along with the ability to interpret them, understand their impact on policies and controls, and maintain a failsafe audit trail that tracks compliance actions and decision rationale. This can be achieved by embracing emerging regulatory technology (RegTech) to replace manual methods. This is where artificial intelligence (AI), which underpins our CUBE Digital Regulation Platform (DRP), can provide a smart and efficient process for managing regulatory obligations.
To keep pace with cybersecurity regulation changes, an RFI must have the processes in place to capture the regulation intelligence and automatically map it to their business in order to quickly understand their obligations and compliance status. The quicker they are able to respond to regulatory change, the less exposed to cybercrime risk the RFI will be, potentially saving them from huge regulatory enforcement fines.