Global Governance Insights on Emerging Risks

Bleu Azur Consulting | June 17, 2018

A HEIGHTENED FOCUS ON RESPONSE AND RECOVERY

Over a third of directors of US public companies now discuss cybersecurity at every board meeting. Cyber risks are being driven onto the agenda by

  • high-profile data breaches,
  • distributed denial-of-service (DDoS) attacks,
  • and rising ransomware and cyber extortion attacks.

The concern about cyber risks is justified. The annual economic cost of cyber-crime is estimated at US$1.5 trillion and only about 15% of that loss is currently covered by insurance.

MMC Global Risk Center conducted research and interviews with directors from WCD to understand the scope and depth of cyber risk management discussions in the boardroom. The risk of cyberattack is a constantly evolving threat and the interviews highlighted the rising focus on resilience and recovery in boardroom cyber discussions. Approaches to cyber risks are maturing as organizations recognize them as an enterprise business risk, not just an information technology (IT) problem.

However, board focus varies significantly across industries, geographies, organization size and regulatory context. For example, business executives ranked cyberattacks among the top five risks of doing business in the Asia Pacific region but Asian organizations take 1.7 times longer than the global median to discover a breach and spend on average 47% less on information security than North American firms.

REGULATION ON THE RISE

Tightening regulatory requirements for cybersecurity and breach notification across the globe such as

  • the EU GDPR,
  • China’s new Cyber Security Law,
  • and Australia’s Privacy Amendment,

are also propelling cyber onto the board agenda. Most recently, in February 2018, the USA’s Securities and Exchange Commission (SEC) provided interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Regulations relating to transparency and notifications around cyber breaches drive greater discussion and awareness of cyber risks. Industries such as

  • financial services,
  • telecommunications
  • and utilities,

are subject to a large number of cyberattacks on a daily basis and have stringent regulatory requirements for cybersecurity.

Kris Manos, Director, KeyCorp, Columbia Forest Products, and Dexter Apache Holdings, observed, “The manufacturing sector is less advanced in addressing cyber threats; the NotPetya and WannaCry attacks flagged that sector’s vulnerability and has led to a greater focus in the boardroom.” For example, the virus forced a transportation company to shut down all of its communications with customers and also within the company. It took several weeks before business was back to normal, and the loss of business was estimated to have been as high as US$300 million. Overall, it is estimated that as a result of supply chain disruptions, consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities reportedly suffered, in aggregate, over US$1 billion in economic losses from the NotPetya attacks. Also, as Cristina Finocchi Mahne, Director, Inwit, Italiaonline, Banco Desio, Natuzzi and Trevi Group, noted, “The focus on cyber can vary across industries depending also on their perception of their own clients’ concerns regarding privacy and data breaches.”

LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD-PARTY RISK

The high-profile cyberattacks in 2017, along with new and evolving ransomware onslaughts, were learning events for many organizations. Lessons included the need to establish relationships with organizations that can assist in the event of a cyberattack, such as

  • law enforcement,
  • regulatory agencies,
  • and recovery service providers, including forensic accountants and crisis management firms.

Many boards need to increase their focus on their organization’s cyber incident response plans. A recent global survey found that only 30% of companies have a cyber response plan and a survey by the National Association of Corporate Directors (NACD) suggests that only 60% of boards have reviewed their breach response plan over the past 12 months. Kris Manos noted, “[If an attack occurs,] it’s important to be able to quickly access a response plan. This also helps demonstrate that the organization was prepared to respond effectively.”

Experienced directors emphasized the need for effective response plans alongside robust cyber risk mitigation programs to ensure resilience, as well as operational and reputation recovery. As Jan Babiak, Director, Walgreens Boots Alliance, Euromoney Institutional Investor, and Bank of Montreal, stressed, “The importance of the ’respond and recover’ phase cannot be overstated, and this focus needs to rapidly improve.”

Directors need to review how the organization will communicate and report breaches. Response plans should include preliminary drafts of communications to all stakeholders including customers, suppliers, regulators, employees, the board, shareholders, and even the general public. The plan should also consider legal requirements around timelines to report breaches so the organization is not hit with financial penalties that can add to an already expensive and reputationally damaging situation. Finally, the response plan also needs to consider that normal methods of communication (websites, email, etc.) may be casualties of the breach. A cyber response plan housed only on the corporate network may be of little use in a ransomware attack.

Other lessons included the need to focus on cyber risks posed by third-party suppliers, vendors and other impacts throughout the supply chain. Shirley Daniel, Director, American Savings Bank, and Pacific Asian Management Institute, noted, “Such events highlight vulnerability beyond your organization’s control and are raising the focus on IT security throughout the supply chain.” Survey data suggests that about a third of organizations do not assess the cyber risk of vendors and suppliers. This is a critical area of focus as third-party service providers (e.g., software providers, cloud services providers, etc.) are increasingly embedded in value chains.

FRUSTRATIONS WITH OVERSIGHT

Most directors expressed frustrations and challenges with cyber risk oversight even though the topic is frequently on meeting agendas. Part of the challenge is that director-level cyber experts are thin on the ground; most boards have only one individual serving as the “tech” or “cyber” person. A Spencer Stuart survey found that 41% of respondents said their board had at least one director with cyber expertise, with an additional 7% who are in the process of recruiting one. Boards would benefit from the addition of experienced individuals who can identify the connections between cybersecurity and overall company strategy.

A crucial additional challenge is obtaining clarity on the organization’s overall cyber risk management framework. (See Exhibit 1: Boards Need More Information on Cyber Investments.) Olga Botero, Director, Evertec, Inc., and Founding Partner, C&S Customers and Strategy, observed, “There are still many questions unanswered for boards, including:

  • How good is our security program?
  • How do we compare to peers?

There is a big lack of benchmarking on practices.” Anastassia Lauterbach, Director, Dun & Bradstreet, and member of Evolution Partners Advisory Board, summarized it well, “Boards need a set of KPIs for cybersecurity highlighting their company’s

  • unique business model,
  • legacy IT,
  • supplier and partner relationships,
  • and geographical scope.”

Nearly a quarter of boards are dissatisfied with the quality of management-provided information related to cybersecurity because of insufficient transparency, inability to benchmark and difficulty of interpretation.

EFFECTIVE OVERSIGHT IS BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK

Organizations are maturing from a “harden the shell” approach to a protocol based on understanding and protecting core assets and optimizing resources. This includes the application of risk disciplines to assess and manage risk, including quantification and analytics. (See Exhibit 2: Focus Areas of a Comprehensive Cyber Risk Management Framework.) Quantification shifts the conversation from a technical discussion about threat vectors and system vulnerabilities to one focused on maximizing the return on an organization’s cyber spending and lowering its total cost of risk.

Directors also emphasized the need to embed the process in an overall cyber risk management framework and culture. “The culture must emphasize openness and learning from mistakes. Culture and cyber risk oversight go hand in hand,” said Anastassia Lauterbach. Employees should be encouraged to flag and highlight potential cyber incidents, such as phishing attacks, as every employee plays a vital role in cyber risk management. Jan Babiak noted, “If every person in the organization doesn’t view themselves as a human firewall, you have a soft underbelly.” Mary Beth Vitale, Director, GEHA and CoBiz Financial, Inc., also noted, “Much of cyber risk mitigation is related to good housekeeping such as timely patching of servers and ongoing employee training and alertness.”

Boards also need to be alert. “Our board undertakes the same cybersecurity training as employees,” noted Wendy Webb, Director, ABM Industries. Other boards are putting cyber updates and visits to security centers on board “offsite” agendas.
