Global Governance Insights on Emerging Risks

Bleu Azur Consulting | June 17, 2018

A HEIGHTENED FOCUS ON RESPONSE AND RECOVERY

Over a third of directors of US public companies now discuss cybersecurity at every board meeting. Cyber risks are being driven onto the agenda by

  • high-profile data breaches,
  • distributed denial of service (DDoS) attacks,
  • and rising ransomware and cyber extortion attacks.

The concern about cyber risks is justified. The annual economic cost of cyber-crime is estimated at US$1.5 trillion and only about 15% of that loss is currently covered by insurance.

MMC Global Risk Center conducted research and interviews with directors from WCD to understand the scope and depth of cyber risk management discussions in the boardroom. The risk of cyberattack is a constantly evolving threat and the interviews highlighted the rising focus on resilience and recovery in boardroom cyber discussions. Approaches to cyber risks are maturing as organizations recognize them as an enterprise business risk, not just an information technology (IT) problem.

However, board focus varies significantly across industries, geographies, organization size and regulatory context. For example, business executives ranked cyberattacks among the top five risks of doing business in the Asia Pacific region but Asian organizations take 1.7 times longer than the global median to discover a breach and spend on average 47% less on information security than North American firms.

REGULATION ON THE RISE

Tightening regulatory requirements for cybersecurity and breach notification across the globe such as

  • the EU GDPR,
  • China’s new Cyber Security Law,
  • and Australia’s Privacy Amendment,

are also propelling cyber onto the board agenda. Most recently, in February 2018, the USA’s Securities and Exchange Commission (SEC) provided interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Regulations relating to transparency and notifications around cyber breaches drive greater discussion and awareness of cyber risks. Industries such as

  • financial services,
  • telecommunications
  • and utilities,

are subject to a large number of cyberattacks on a daily basis and have stringent regulatory requirements for cybersecurity.

Kris Manos, Director, KeyCorp, Columbia Forest Products, and Dexter Apache Holdings, observed, “The manufacturing sector is less advanced in addressing cyber threats; the NotPetya and WannaCry attacks flagged that sector’s vulnerability and have led to a greater focus in the boardroom.” For example, the virus forced a transportation company to shut down all of its communications, both with customers and within the company. It took several weeks before business was back to normal, and the loss of business was estimated to have been as high as US$300 million. Overall, consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities are estimated to have suffered, in aggregate, over US$1 billion in economic losses from the NotPetya attacks as a result of supply chain disruptions. Also, as Cristina Finocchi Mahne, Director, Inwit, Italiaonline, Banco Desio, Natuzzi and Trevi Group, noted, “The focus on cyber can vary across industries depending also on their perception of their own clients’ concerns regarding privacy and data breaches.”

LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD-PARTY RISK

The high-profile cyberattacks in 2017, along with new and evolving ransomware onslaughts, were learning events for many organizations. Lessons included the need to establish relationships with organizations that can assist in the event of a cyberattack, such as law enforcement, regulatory agencies and recovery service providers, including forensic accountants and crisis management firms.

Many boards need to increase their focus on their organization’s cyber incident response plans. A recent global survey found that only 30% of companies have a cyber response plan and a survey by the National Association of Corporate Directors (NACD) suggests that only 60% of boards have reviewed their breach response plan over the past 12 months. Kris Manos noted, “[If an attack occurs,] it’s important to be able to quickly access a response plan. This also helps demonstrate that the organization was prepared to respond effectively.”

Experienced directors emphasized the need for effective response plans alongside robust cyber risk mitigation programs to ensure resilience, as well as operational and reputation recovery. As Jan Babiak, Director, Walgreens Boots Alliance, Euromoney Institutional Investor, and Bank of Montreal, stressed, “The importance of the ‘respond and recover’ phase cannot be overstated, and this focus needs to rapidly improve.”

Directors need to review how the organization will communicate and report breaches. Response plans should include preliminary drafts of communications to all stakeholders including customers, suppliers, regulators, employees, the board, shareholders, and even the general public. The plan should also consider legal requirements around timelines to report breaches so the organization is not hit with financial penalties that can add to an already expensive and reputationally damaging situation. Finally, the response plan also needs to consider that normal methods of communication (websites, email, etc.) may be casualties of the breach. A cyber response plan housed only on the corporate network may be of little use in a ransomware attack.

Other lessons included the need to focus on cyber risks posed by third-party suppliers, vendors and other impacts throughout the supply chain. Shirley Daniel, Director, American Savings Bank, and Pacific Asian Management Institute, noted, “Such events highlight vulnerability beyond your organization’s control and are raising the focus on IT security throughout the supply chain.” Survey data suggests that about a third of organizations do not assess the cyber risk of vendors and suppliers. This is a critical area of focus as third-party service providers (e.g., software providers, cloud services providers, etc.) are increasingly embedded in value chains.

FRUSTRATIONS WITH OVERSIGHT

Most directors expressed frustrations and challenges with cyber risk oversight even though the topic is frequently on meeting agendas. Part of the challenge is that director-level cyber experts are thin on the ground; most boards have only one individual serving as the “tech” or “cyber” person. A Spencer Stuart survey found that 41% of respondents said their board had at least one director with cyber expertise, with an additional 7% who are in the process of recruiting one. Boards would benefit from the addition of experienced individuals who can identify the connections between cybersecurity and overall company strategy.

A crucial additional challenge is obtaining clarity on the organization’s overall cyber risk management framework. (See Exhibit 1: Boards Need More Information on Cyber Investments.) Olga Botero, Director, Evertec, Inc., and Founding Partner, C&S Customers and Strategy, observed, “There are still many questions unanswered for boards, including:

  • How good is our security program?
  • How do we compare to peers?

There is a big lack of benchmarking on practices.” Anastassia Lauterbach, Director, Dun & Bradstreet, and member of Evolution Partners Advisory Board, summarized it well, “Boards need a set of KPIs for cybersecurity highlighting their company’s

  • unique business model,
  • legacy IT,
  • supplier and partner relationships,
  • and geographical scope.”

Nearly a quarter of boards are dissatisfied with the quality of management-provided information related to cybersecurity because of insufficient transparency, inability to benchmark and difficulty of interpretation.

EFFECTIVE OVERSIGHT IS BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK

Organizations are maturing from a “harden the shell” approach to a protocol based on understanding and protecting core assets and optimizing resources. This includes the application of risk disciplines to assess and manage risk, including quantification and analytics. (See Exhibit 2: Focus Areas of a Comprehensive Cyber Risk Management Framework.) Quantification shifts the conversation from a technical discussion about threat vectors and system vulnerabilities to one focused on maximizing the return on an organization’s cyber spending and lowering its total cost of risk.

Directors also emphasized the need to embed the process in an overall cyber risk management framework and culture. “The culture must emphasize openness and learning from mistakes. Culture and cyber risk oversight go hand in hand,” said Anastassia Lauterbach. Employees should be encouraged to flag and highlight potential cyber incidents, such as phishing attacks, as every employee plays a vital role in cyber risk management. Jan Babiak noted, “If every person in the organization doesn’t view themselves as a human firewall, you have a soft underbelly.” Mary Beth Vitale, Director, GEHA and CoBiz Financial, Inc., also noted, “Much of cyber risk mitigation is related to good housekeeping such as timely patching of servers and ongoing employee training and alertness.”

Boards also need to be alert. “Our board undertakes the same cybersecurity training as employees,” noted Wendy Webb, Director, ABM Industries. Other boards are putting cyber updates and visits to security centers on board “offsite” agendas.
