Global Governance Insights on Emerging Risks

Bleu Azur Consulting | June 17, 2018

[Figure: Direct and indirect costs of cyberattacks]

A HEIGHTENED FOCUS ON RESPONSE AND RECOVERY

Over a third of directors of US public companies now discuss cybersecurity at every board meeting. Cyber risks are being driven onto the agenda by

  • high-profile data breaches,
  • distributed denial of service (DDoS) attacks,
  • and rising ransomware and cyber extortion attacks.

The concern about cyber risks is justified. The annual economic cost of cyber-crime is estimated at US$1.5 trillion and only about 15% of that loss is currently covered by insurance.

MMC Global Risk Center conducted research and interviews with directors from WCD to understand the scope and depth of cyber risk management discussions in the boardroom. The risk of cyberattack is a constantly evolving threat and the interviews highlighted the rising focus on resilience and recovery in boardroom cyber discussions. Approaches to cyber risks are maturing as organizations recognize them as an enterprise business risk, not just an information technology (IT) problem.

However, board focus varies significantly across industries, geographies, organization size and regulatory context. For example, business executives ranked cyberattacks among the top five risks of doing business in the Asia Pacific region but Asian organizations take 1.7 times longer than the global median to discover a breach and spend on average 47% less on information security than North American firms.

REGULATION ON THE RISE

Tightening regulatory requirements for cybersecurity and breach notification across the globe such as

  • the EU GDPR,
  • China’s new Cyber Security Law,
  • and Australia’s Privacy Amendment,

are also propelling cyber onto the board agenda. Most recently, in February 2018, the USA’s Securities and Exchange Commission (SEC) provided interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Regulations relating to transparency and notifications around cyber breaches drive greater discussion and awareness of cyber risks. Industries such as

  • financial services,
  • telecommunications,
  • and utilities,

are subject to a large number of cyberattacks on a daily basis and have stringent regulatory requirements for cybersecurity.

Kris Manos, Director, KeyCorp, Columbia Forest Products, and Dexter Apache Holdings, observed, “The manufacturing sector is less advanced in addressing cyber threats; the NotPetya and WannaCry attacks flagged that sector’s vulnerability and has led to a greater focus in the boardroom.” For example, the virus forced a transportation company to shut down all of its communications with customers and also within the company. It took several weeks before business was back to normal, and the loss of business was estimated to have been as high as US$300 million. Overall, it is estimated that as a result of supply chain disruptions, consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities reportedly suffered, in aggregate, over US$1 billion in economic losses from the NotPetya attacks. Also, as Cristina Finocchi Mahne, Director, Inwit, Italiaonline, Banco Desio, Natuzzi and Trevi Group, noted, “The focus on cyber can vary across industries depending also on their perception of their own clients’ concerns regarding privacy and data breaches.”

LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD-PARTY RISK

The high-profile cyberattacks in 2017, along with new and evolving ransomware onslaughts, were learning events for many organizations. Lessons included the need to establish relationships with organizations that can assist in the event of a cyberattack, such as

  • law enforcement,
  • regulatory agencies
  • and recovery service providers, including forensic accountants and crisis management firms.

Many boards need to increase their focus on their organization’s cyber incident response plans. A recent global survey found that only 30% of companies have a cyber response plan and a survey by the National Association of Corporate Directors (NACD) suggests that only 60% of boards have reviewed their breach response plan over the past 12 months. Kris Manos noted, “[If an attack occurs,] it’s important to be able to quickly access a response plan. This also helps demonstrate that the organization was prepared to respond effectively.”

Experienced directors emphasized the need for effective response plans alongside robust cyber risk mitigation programs to ensure resilience, as well as operational and reputation recovery. As Jan Babiak, Director, Walgreens Boots Alliance, Euromoney Institutional Investor, and Bank of Montreal, stressed, “The importance of the ’respond and recover’ phase cannot be overstated, and this focus needs to rapidly improve.”

Directors need to review how the organization will communicate and report breaches. Response plans should include preliminary drafts of communications to all stakeholders including customers, suppliers, regulators, employees, the board, shareholders, and even the general public. The plan should also consider legal requirements around timelines to report breaches so the organization is not hit with financial penalties that can add to an already expensive and reputationally damaging situation. Finally, the response plan also needs to consider that normal methods of communication (websites, email, etc.) may be casualties of the breach. A cyber response plan housed only on the corporate network may be of little use in a ransomware attack.

Other lessons included the need to focus on cyber risks posed by third-party suppliers, vendors and other impacts throughout the supply chain. Shirley Daniel, Director, American Savings Bank, and Pacific Asian Management Institute, noted, “Such events highlight vulnerability beyond your organization’s control and are raising the focus on IT security throughout the supply chain.” Survey data suggests that about a third of organizations do not assess the cyber risk of vendors and suppliers. This is a critical area of focus as third-party service providers (e.g., software providers, cloud services providers, etc.) are increasingly embedded in value chains.

FRUSTRATIONS WITH OVERSIGHT

Most directors expressed frustrations and challenges with cyber risk oversight even though the topic is frequently on meeting agendas. Part of the challenge is that director-level cyber experts are thin on the ground; most boards have only one individual serving as the “tech” or “cyber” person. A Spencer Stuart survey found that 41% of respondents said their board had at least one director with cyber expertise, with an additional 7% who are in the process of recruiting one. Boards would benefit from the addition of experienced individuals who can identify the connections between cybersecurity and overall company strategy.

A crucial additional challenge is obtaining clarity on the organization’s overall cyber risk management framework. (See Exhibit 1: Boards Need More Information on Cyber Investments.) Olga Botero, Director, Evertec, Inc., and Founding Partner, C&S Customers and Strategy, observed, “There are still many questions unanswered for boards, including:

  • How good is our security program?
  • How do we compare to peers?

There is a big lack of benchmarking on practices.” Anastassia Lauterbach, Director, Dun & Bradstreet, and member of Evolution Partners Advisory Board, summarized it well, “Boards need a set of KPIs for cybersecurity highlighting their company’s

  • unique business model,
  • legacy IT,
  • supplier and partner relationships,
  • and geographical scope.”

Nearly a quarter of boards are dissatisfied with the quality of management-provided information related to cybersecurity because of insufficient transparency, inability to benchmark and difficulty of interpretation.

EFFECTIVE OVERSIGHT IS BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK

Organizations are maturing from a “harden the shell” approach to a protocol based on understanding and protecting core assets and optimizing resources. This includes the application of risk disciplines to assess and manage risk, including quantification and analytics. (See Exhibit 2: Focus Areas of a Comprehensive Cyber Risk Management Framework.) Quantification shifts the conversation from a technical discussion about threat vectors and system vulnerabilities to one focused on maximizing the return on an organization’s cyber spending and lowering its total cost of risk.

[Figure: Cyber risk management process]

Directors also emphasized the need to embed the process in an overall cyber risk management framework and culture. “The culture must emphasize openness and learning from mistakes. Culture and cyber risk oversight go hand in hand,” said Anastassia Lauterbach. Employees should be encouraged to flag and highlight potential cyber incidents, such as phishing attacks, as every employee plays a vital role in cyber risk management. Jan Babiak noted, “If every person in the organization doesn’t view themselves as a human firewall, you have a soft underbelly.” Mary Beth Vitale, Director, GEHA and CoBiz Financial, Inc., also noted, “Much of cyber risk mitigation is related to good housekeeping such as timely patching of servers and ongoing employee training and alertness.”

Boards also need to be alert. “Our board undertakes the same cybersecurity training as employees,” noted Wendy Webb, Director, ABM Industries. Other boards are putting cyber updates and visits to security centers on board “offsite” agendas.
