Global Governance Insights on Emerging Risks

Bleu Azur Consulting | June 17, 2018

A HEIGHTENED FOCUS ON RESPONSE AND RECOVERY

Over a third of directors of US public companies now discuss cybersecurity at every board meeting. Cyber risks are being driven onto the agenda by

  • high-profile data breaches,
  • distributed denial-of-service (DDoS) attacks,
  • and rising ransomware and cyber extortion attacks.

The concern about cyber risks is justified. The annual economic cost of cyber-crime is estimated at US$1.5 trillion and only about 15% of that loss is currently covered by insurance.

MMC Global Risk Center conducted research and interviews with directors from WCD to understand the scope and depth of cyber risk management discussions in the boardroom. The risk of cyberattack is a constantly evolving threat and the interviews highlighted the rising focus on resilience and recovery in boardroom cyber discussions. Approaches to cyber risks are maturing as organizations recognize them as an enterprise business risk, not just an information technology (IT) problem.

However, board focus varies significantly across industries, geographies, organization size and regulatory context. For example, business executives ranked cyberattacks among the top five risks of doing business in the Asia Pacific region but Asian organizations take 1.7 times longer than the global median to discover a breach and spend on average 47% less on information security than North American firms.

REGULATION ON THE RISE

Tightening regulatory requirements for cybersecurity and breach notification across the globe such as

  • the EU GDPR,
  • China’s new Cyber Security Law,
  • and Australia’s Privacy Amendment,

are also propelling cyber onto the board agenda. Most recently, in February 2018, the USA’s Securities and Exchange Commission (SEC) provided interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Regulations relating to transparency and notifications around cyber breaches drive greater discussion and awareness of cyber risks. Industries such as

  • financial services,
  • telecommunications,
  • and utilities,

are subject to a large number of cyberattacks on a daily basis and have stringent regulatory requirements for cybersecurity.

Kris Manos, Director, KeyCorp, Columbia Forest Products, and Dexter Apache Holdings, observed, “The manufacturing sector is less advanced in addressing cyber threats; the NotPetya and WannaCry attacks flagged that sector’s vulnerability and has led to a greater focus in the boardroom.” For example, the virus forced a transportation company to shut down all of its communications with customers and also within the company. It took several weeks before business was back to normal, and the loss of business was estimated to have been as high as US$300 million. Overall, it is estimated that as a result of supply chain disruptions, consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities reportedly suffered, in aggregate, over US$1 billion in economic losses from the NotPetya attacks. Also, as Cristina Finocchi Mahne, Director, Inwit, Italiaonline, Banco Desio, Natuzzi and Trevi Group, noted, “The focus on cyber can vary across industries depending also on their perception of their own clients’ concerns regarding privacy and data breaches.”

LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD-PARTY RISK

The high-profile cyberattacks in 2017, along with new and evolving ransomware onslaughts, were learning events for many organizations. Lessons included the need to establish relationships with organizations that can assist in the event of a cyberattack, such as

  • law enforcement,
  • regulatory agencies,
  • and recovery service providers, including forensic accountants and crisis management firms.

Many boards need to increase their focus on their organization’s cyber incident response plans. A recent global survey found that only 30% of companies have a cyber response plan and a survey by the National Association of Corporate Directors (NACD) suggests that only 60% of boards have reviewed their breach response plan over the past 12 months. Kris Manos noted, “[If an attack occurs,] it’s important to be able to quickly access a response plan. This also helps demonstrate that the organization was prepared to respond effectively.”

Experienced directors emphasized the need for effective response plans alongside robust cyber risk mitigation programs to ensure resilience, as well as operational and reputation recovery. As Jan Babiak, Director, Walgreens Boots Alliance, Euromoney Institutional Investor, and Bank of Montreal, stressed, “The importance of the ’respond and recover’ phase cannot be overstated, and this focus needs to rapidly improve.”

Directors need to review how the organization will communicate and report breaches. Response plans should include preliminary drafts of communications to all stakeholders including customers, suppliers, regulators, employees, the board, shareholders, and even the general public. The plan should also consider legal requirements around timelines to report breaches so the organization is not hit with financial penalties that can add to an already expensive and reputationally damaging situation. Finally, the response plan also needs to consider that normal methods of communication (websites, email, etc.) may be casualties of the breach. A cyber response plan housed only on the corporate network may be of little use in a ransomware attack.

Other lessons included the need to focus on cyber risks posed by third-party suppliers, vendors and other impacts throughout the supply chain. Shirley Daniel, Director, American Savings Bank, and Pacific Asian Management Institute, noted, “Such events highlight vulnerability beyond your organization’s control and are raising the focus on IT security throughout the supply chain.” Survey data suggests that about a third of organizations do not assess the cyber risk of vendors and suppliers. This is a critical area of focus as third-party service providers (e.g., software providers, cloud services providers, etc.) are increasingly embedded in value chains.

FRUSTRATIONS WITH OVERSIGHT

Most directors expressed frustrations and challenges with cyber risk oversight even though the topic is frequently on meeting agendas. Part of the challenge is that director-level cyber experts are thin on the ground; most boards have only one individual serving as the “tech” or “cyber” person. A Spencer Stuart survey found that 41% of respondents said their board had at least one director with cyber expertise, with an additional 7% who are in the process of recruiting one. Boards would benefit from the addition of experienced individuals who can identify the connections between cybersecurity and overall company strategy.

A crucial additional challenge is obtaining clarity on the organization’s overall cyber risk management framework. (See Exhibit 1: Boards Need More Information on Cyber Investments.) Olga Botero, Director, Evertec, Inc., and Founding Partner, C&S Customers and Strategy, observed, “There are still many questions unanswered for boards, including:

  • How good is our security program?
  • How do we compare to peers?

There is a big lack of benchmarking on practices.” Anastassia Lauterbach, Director, Dun & Bradstreet, and member of Evolution Partners Advisory Board, summarized it well, “Boards need a set of KPIs for cybersecurity highlighting their company’s

  • unique business model,
  • legacy IT,
  • supplier and partner relationships,
  • and geographical scope.”

Nearly a quarter of boards are dissatisfied with the quality of management-provided information related to cybersecurity because of insufficient transparency, inability to benchmark and difficulty of interpretation.

EFFECTIVE OVERSIGHT IS BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK

Organizations are maturing from a “harden the shell” approach to a protocol based on understanding and protecting core assets and optimizing resources. This includes the application of risk disciplines to assess and manage risk, including quantification and analytics. (See Exhibit 2: Focus Areas of a Comprehensive Cyber Risk Management Framework.) Quantification shifts the conversation from a technical discussion about threat vectors and system vulnerabilities to one focused on maximizing the return on an organization’s cyber spending and lowering its total cost of risk.

Directors also emphasized the need to embed the process in an overall cyber risk management framework and culture. “The culture must emphasize openness and learning from mistakes. Culture and cyber risk oversight go hand in hand,” said Anastassia Lauterbach. Employees should be encouraged to flag and highlight potential cyber incidents, such as phishing attacks, as every employee plays a vital role in cyber risk management. Jan Babiak noted, “If every person in the organization doesn’t view themselves as a human firewall, you have a soft underbelly.” Mary Beth Vitale, Director, GEHA and CoBiz Financial, Inc., also noted, “Much of cyber risk mitigation is related to good housekeeping such as timely patching of servers and ongoing employee training and alertness.”

Boards also need to be alert. “Our board undertakes the same cybersecurity training as employees,” noted Wendy Webb, Director, ABM Industries. Other boards are putting cyber updates and visits to security centers on board “offsite” agendas.

The National Crowdfunding & Fintech Association of Canada (NCFA Canada) is a cross-Canada non-profit actively engaged with cryptocurrency, blockchain, crowdfunding, alternative finance, fintech, P2P, ICO, STO, and online investing stakeholders globally. NCFA Canada provides education, research, industry stewardship, services, and networking opportunities to thousands of members and subscribers and works closely with industry, government, academia, community and eco-system partners and affiliates to create a strong and vibrant crowdfunding and fintech industry. For more information, please visit: ncfacanada.org