Global Governance Insights on Emerging Risks

Bleu Azur Consulting | June 17, 2018

A HEIGHTENED FOCUS ON RESPONSE AND RECOVERY

Over a third of directors of US public companies now discuss cybersecurity at every board meeting. Cyber risks are being driven onto the agenda by

  • high-profile data breaches,
  • distributed denial-of-service (DDoS) attacks,
  • and rising ransomware and cyber extortion attacks.

The concern about cyber risks is justified. The annual economic cost of cyber-crime is estimated at US$1.5 trillion and only about 15% of that loss is currently covered by insurance.

MMC Global Risk Center conducted research and interviews with directors from WCD to understand the scope and depth of cyber risk management discussions in the boardroom. The risk of cyberattack is a constantly evolving threat and the interviews highlighted the rising focus on resilience and recovery in boardroom cyber discussions. Approaches to cyber risks are maturing as organizations recognize them as an enterprise business risk, not just an information technology (IT) problem.

However, board focus varies significantly across industries, geographies, organization size and regulatory context. For example, business executives ranked cyberattacks among the top five risks of doing business in the Asia Pacific region but Asian organizations take 1.7 times longer than the global median to discover a breach and spend on average 47% less on information security than North American firms.

REGULATION ON THE RISE

Tightening regulatory requirements for cybersecurity and breach notification across the globe such as

  • the EU GDPR,
  • China’s new Cyber Security Law,
  • and Australia’s Privacy Amendment,

are also propelling cyber onto the board agenda. Most recently, in February 2018, the USA’s Securities and Exchange Commission (SEC) provided interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Regulations relating to transparency and notifications around cyber breaches drive greater discussion and awareness of cyber risks. Industries such as

  • financial services,
  • telecommunications
  • and utilities,

are subject to a large number of cyberattacks on a daily basis and have stringent regulatory requirements for cybersecurity.

Kris Manos, Director, KeyCorp, Columbia Forest Products, and Dexter Apache Holdings, observed, “The manufacturing sector is less advanced in addressing cyber threats; the NotPetya and WannaCry attacks flagged that sector’s vulnerability and has led to a greater focus in the boardroom.” For example, the virus forced a transportation company to shut down all of its communications with customers and also within the company. It took several weeks before business was back to normal, and the loss of business was estimated to have been as high as US$300 million. Overall, it is estimated that as a result of supply chain disruptions, consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities reportedly suffered, in aggregate, over US$1 billion in economic losses from the NotPetya attacks. Also, as Cristina Finocchi Mahne, Director, Inwit, Italiaonline, Banco Desio, Natuzzi and Trevi Group, noted, “The focus on cyber can vary across industries depending also on their perception of their own clients’ concerns regarding privacy and data breaches.”

LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD-PARTY RISK

The high-profile cyberattacks in 2017, along with new and evolving ransomware onslaughts, were learning events for many organizations. Lessons included the need to establish relationships with organizations that can assist in the event of a cyberattack, such as

  • law enforcement,
  • regulatory agencies,
  • and recovery service providers, including forensic accountants and crisis management firms.

Many boards need to increase their focus on their organization’s cyber incident response plans. A recent global survey found that only 30% of companies have a cyber response plan and a survey by the National Association of Corporate Directors (NACD) suggests that only 60% of boards have reviewed their breach response plan over the past 12 months. Kris Manos noted, “[If an attack occurs,] it’s important to be able to quickly access a response plan. This also helps demonstrate that the organization was prepared to respond effectively.”

Experienced directors emphasized the need for effective response plans alongside robust cyber risk mitigation programs to ensure resilience, as well as operational and reputation recovery. As Jan Babiak, Director, Walgreens Boots Alliance, Euromoney Institutional Investor, and Bank of Montreal, stressed, “The importance of the ’respond and recover’ phase cannot be overstated, and this focus needs to rapidly improve.”

Directors need to review how the organization will communicate and report breaches. Response plans should include preliminary drafts of communications to all stakeholders including customers, suppliers, regulators, employees, the board, shareholders, and even the general public. The plan should also consider legal requirements around timelines to report breaches so the organization is not hit with financial penalties that can add to an already expensive and reputationally damaging situation. Finally, the response plan also needs to consider that normal methods of communication (websites, email, etc.) may be casualties of the breach. A cyber response plan housed only on the corporate network may be of little use in a ransomware attack.

Other lessons included the need to focus on cyber risks posed by third-party suppliers, vendors and other impacts throughout the supply chain. Shirley Daniel, Director, American Savings Bank, and Pacific Asian Management Institute, noted, “Such events highlight vulnerability beyond your organization’s control and are raising the focus on IT security throughout the supply chain.” Survey data suggests that about a third of organizations do not assess the cyber risk of vendors and suppliers. This is a critical area of focus as third-party service providers (e.g., software providers, cloud services providers, etc.) are increasingly embedded in value chains.

FRUSTRATIONS WITH OVERSIGHT

Most directors expressed frustrations and challenges with cyber risk oversight even though the topic is frequently on meeting agendas. Part of the challenge is that director-level cyber experts are thin on the ground; most boards have only one individual serving as the “tech” or “cyber” person. A Spencer Stuart survey found that 41% of respondents said their board had at least one director with cyber expertise, with an additional 7% who are in the process of recruiting one. Boards would benefit from the addition of experienced individuals who can identify the connections between cybersecurity and overall company strategy.

A crucial additional challenge is obtaining clarity on the organization’s overall cyber risk management framework. (See Exhibit 1: Boards Need More Information on Cyber Investments.) Olga Botero, Director, Evertec, Inc., and Founding Partner, C&S Customers and Strategy, observed, “There are still many questions unanswered for boards, including:

  • How good is our security program?
  • How do we compare to peers?

There is a big lack of benchmarking on practices.” Anastassia Lauterbach, Director, Dun & Bradstreet, and member of Evolution Partners Advisory Board, summarized it well, “Boards need a set of KPIs for cybersecurity highlighting their company’s

  • unique business model,
  • legacy IT,
  • supplier and partner relationships,
  • and geographical scope.”

Nearly a quarter of boards are dissatisfied with the quality of management-provided information related to cybersecurity because of insufficient transparency, inability to benchmark and difficulty of interpretation.

EFFECTIVE OVERSIGHT IS BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK

Organizations are maturing from a “harden the shell” approach to a protocol based on understanding and protecting core assets and optimizing resources. This includes the application of risk disciplines to assess and manage risk, including quantification and analytics. (See Exhibit 2: Focus Areas of a Comprehensive Cyber Risk Management Framework.) Quantification shifts the conversation from a technical discussion about threat vectors and system vulnerabilities to one focused on maximizing the return on an organization’s cyber spending and lowering its total cost of risk.

Directors also emphasized the need to embed the process in an overall cyber risk management framework and culture. “The culture must emphasize openness and learning from mistakes. Culture and cyber risk oversight go hand in hand,” said Anastassia Lauterbach. Employees should be encouraged to flag and highlight potential cyber incidents, such as phishing attacks, as every employee plays a vital role in cyber risk management. Jan Babiak noted, “If every person in the organization doesn’t view themselves as a human firewall, you have a soft underbelly.” Mary Beth Vitale, Director, GEHA and CoBiz Financial, Inc., also noted, “Much of cyber risk mitigation is related to good housekeeping such as timely patching of servers and ongoing employee training and alertness.”

Boards also need to be alert. “Our board undertakes the same cybersecurity training as employees,” noted Wendy Webb, Director, ABM Industries. Other boards are putting cyber updates and visits to security centers on board “offsite” agendas.
