2022 Fintech and Funding Conference (FFCON22: REGEN) | Dec 1 + Dec 6, 2022 Hybrid

Global Governance Insights on Emerging Risks

Bleu Azur Consulting | June 17, 2018

Direct and indirect costs of cyberattacks - Global Governance Insights on Emerging RisksA HEIGHTENED FOCUS ON RESPONSE AND RECOVERY

Over a third of directors of US public companies now discuss cybersecurity at every board meeting. Cyber risks are being driven onto the agenda by

  • high-profile data breaches,
  • distributed denial of services (DDoS) attacks,
  • and rising ransomware and cyber extortion attacks.

The concern about cyber risks is justified. The annual economic cost of cyber-crime is estimated at US$1.5 trillion and only about 15% of that loss is currently covered by insurance.

MMC Global Risk Center conducted research and interviews with directors from WCD to understand the scope and depth of cyber risk management discussions in the boardroom. The risk of cyberattack is a constantly evolving threat and the interviews highlighted the rising focus on resilience and recovery in boardroom cyber discussions. Approaches to cyber risks are maturing as organizations recognize them as an enterprise business risk, not just an information technology (IT) problem.

However, board focus varies significantly across industries, geographies, organization size and regulatory context. For example, business executives ranked cyberattacks among the top five risks of doing business in the Asia Pacific region but Asian organizations take 1.7 times longer than the global median to discover a breach and spend on average 47% less on information security than North American firms.

REGULATION ON THE RISE

Tightening regulatory requirements for cybersecurity and breach notification across the globe such as

  • the EU GDPR,
  • China’s new Cyber Security Law,
  • and Australia’s Privacy Amendment,

are also propelling cyber onto the board agenda. Most recently, in February 2018, the USA’s Securities and Exchange Commission (SEC) provided interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Regulations relating to transparency and notifications around cyber breaches drive greater discussion and awareness of cyber risks. Industries such as

  • financial services,
  • telecommunications
  • and utilities,

are subject to a large number of cyberattacks on a daily basis and have stringent regulatory requirements for cybersecurity.

See:  Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don’t)

Kris Manos, Director, KeyCorp, Columbia Forest Products, and Dexter Apache Holdings, observed, “The manufacturing sector is less advanced in addressing cyber threats; the NotPetya and WannaCry attacks flagged that sector’s vulnerability and has led to a greater focus in the boardroom.” For example, the virus forced a transportation company to shut down all of its communications with customers and also within the company. It took several weeks before business was back to normal, and the loss of business was estimated to have been as high as US$300 million. Overall, it is estimated that as a result of supply chain disruptions, consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities reportedly suffered, in aggregate, over US$1 billion in economic losses from the NotPetya attacks. Also, as Cristina Finocchi Mahne, Director, Inwit, Italiaonline, Banco Desio, Natuzzi and Trevi Group, noted, “The focus on cyber can vary across industries depending also on their perception of their own clients’ concerns regarding privacy and data breaches.”

LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD-PARTY RISK

The high-profile cyberattacks in 2017, along with new and evolving ransomware onslaughts, were learning events for many organizations. Lessons included the need to establish relationships with organizations that can assist in the event of a cyberattack, such as l

  • aw enforcement,
  • regulatory agencies and recovery service providers
  • including forensic accountants and crisis management firms.

Many boards need to increase their focus on their organization’s cyber incident response plans. A recent global survey found that only 30% of companies have a cyber response plan and a survey by the National Association of Corporate Directors (NACD) suggests that only 60% of boards have reviewed their breach response plan over the past 12 months. Kris Manos noted, “[If an attack occurs,] it’s important to be able to quickly access a response plan. This also helps demonstrate that the organization was prepared to respond effectively.”

Experienced directors emphasized the need for effective response plans alongside robust cyber risk mitigation programs to ensure resilience, as well as operational and reputation recovery. As Jan Babiak, Director, Walgreens Boots Alliance, Euromoney Institutional Investor, and Bank of Montreal, stressed, “The importance of the ’respond and recover’ phase cannot be overstated, and this focus needs to rapidly improve.”

Directors need to review how the organization will communicate and report breaches. Response plans should include preliminary drafts of communications to all stakeholders including customers, suppliers, regulators, employees, the board, shareholders, and even the general public. The plan should also consider legal requirements around timelines to report breaches so the organization is not hit with financial penalties that can add to an already expensive and reputationally damaging situation. Finally, the response plan also needs to consider that normal methods of communication (websites, email, etc.) may be casualties of the breach. A cyber response plan housed only on the corporate network may be of little use in a ransomware attack.

Other lessons included the need to focus on cyber risks posed by third-party suppliers, vendors and other impacts throughout the supply chain. Shirley Daniel, Director, American Savings Bank, and Pacific Asian Management Institute, noted, “Such events highlight vulnerability beyond your organization’s control and are raising the focus on IT security throughout the supply chain.” Survey data suggests that about a third of organizations do not assess the cyber risk of vendors and suppliers. This is a critical area of focus as third-party service providers (e.g., software providers, cloud services providers, etc.) are increasingly embedded in value chains.

More:  The growing cost of cybersecurity

FRUSTRATIONS WITH OVERSIGHT

Most directors expressed frustrations and challenges with cyber risk oversight even though the topic is frequently on meeting agendas. Part of the challenge is that director-level cyber experts are thin on the ground; most boards have only one individual serving as the “tech” or “cyber” person. A Spencer Stuart survey found that 41% of respondents said their board had at least one director with cyber expertise, with an additional 7% who are in the process of recruiting one. Boards would benefit from the addition of experienced individuals who can identify the connections between cybersecurity and overall company strategy.

A crucial additional challenge is obtaining clarity on the organization’s overall cyber risk management framework. (See Exhibit 1: Boards Need More Information on Cyber Investments.) Olga Botero, Director, Evertec, Inc., and Founding Partner, C&S Customers and Strategy, observed, “There are still many questions unanswered for boards, including:

  • How good is our security program?
  • How do we compare to peers?

There is a big lack of benchmarking on practices.” Anastassia Lauterbach, Director, Dun & Bradstreet, and member of Evolution Partners Advisory Board, summarized it well, “Boards need a set of KPIs for cybersecurity highlighting their company’s

  • unique business model,
  • legacy IT,
  • supplier and partner relationships,
  • and geographical scope.”

Nearly a quarter of boards are dissatisfied with the quality of management-provided information related to cybersecurity because of insufficient transparency, inability to benchmark and difficulty of interpretation.

EFFECTIVE OVERSIGHT IS BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK

Organizations are maturing from a “harden the shell” approach to a protocol based on understanding and protecting core assets and optimizing resources. This includes the application of risk disciplines to assess and manage risk, including quantification and analytics. (See Exhibit 2: Focus Areas of a Comprehensive Cyber Risk Management Framework.) Quantification shifts the conversation from a technical discussion about threat vectors and system vulnerabilities to one focused on maximizing the return on an organization’s cyber spending and lowering its total cost of risk.

Cyber risk management process - Global Governance Insights on Emerging Risks

See:  FSB warns of third-party FinTech risk

Directors also emphasized the need to embed the process in an overall cyber risk management framework and culture. “The culture must emphasize openness and learning from mistakes. Culture and cyber risk oversight go hand in hand,” said Anastassia Lauterbach. Employees should be encouraged to flag and highlight potential cyber incidents, such as phishing attacks, as every employee plays a vital role in cyber risk management. Jan Babiak noted, “If every person in the organization doesn’t view themselves as a human firewall, you have a soft underbelly.” Mary Beth Vitale, Director, GEHA and CoBiz Financial, Inc., also noted, “Much of cyber risk mitigation is related to good housekeeping such as timely patching of servers and ongoing employee training and alertness.”

Boards also need to be alert. “Our board undertakes the same cybersecurity training as employees,” noted Wendy Webb, Director, ABM Industries. Other boards are putting cyber updates and visits to security centers on board “offsite” agendas.

Continue to the full article --> here

 

Click for News:

latest news - Global Governance Insights on Emerging Risks

 

The Defiant | Owen Fernau  | Sep 22, 2022 Agency Alleges Ooki DAO Offered Derivatives Without a License In a case that has roiled the crypto community and triggered a dissent from one its own officials, the U.S. Commodity Futures Trading Commission (CFTC) brought an enforcement action yesterday that challenges fundamental tenets of decentralized finance. On Sept. 22, the regulator alleged in a lawsuit that a DAO called Ooki DAO engaged in activities that only regulated entities called futures commission merchants (FCM) can perform. The DAO illegally offered leveraged and marginal retail commodity transactions in digital assets, which are derivatives, and agreed to pay a $250,000 penalty, the CFTC said. The commission also named the venture’s founders, Tom Bean and Kyle Kistner, in the suit. See:  New U.S. Bill Gives Crypto Oversight to the CFTC The CFTC’s actions suggest that calling an entity a DAO, or invoking token-based voting as part of an organization’s decision-making process, doesn’t necessarily protect that entity from the legal responsibilities of a traditionally regulated institution. CFTC Commissioner Summer Mersinger - broke rank with her five fellow commissioners and said: The action wasn’t supported by the Commodity Exchange Act, the law that regulates derivatives inssuance, and amounted ...
Read More
CFTC - Global Governance Insights on Emerging Risks
Betakit | Josh Scott | Sep 21, 2022 FrontFundr has launched its own fundraising campaign on FrontFundr, which the company said will remain open to the public until November 4. Toronto-based FrontFundr has announced that it has helped startups raise over $140 million across more than 100 fundraising campaigns using its equity crowdfunding platform. Since Canadian regulators introduced harmonized crowdfunding rules across Canada, making equity crowdfunding more accessible, Van Hoeken has seen its popularity rise, especially as broader economic conditions have worsened. So far, FrontFundr has raised a total of $7.3 million CAD from over 900 investors. The company aims to raise another $2.5 million to $5 million through its latest offering to support its product development plans and boost its sales. To date, FrontFundr has built a community of more than 30,000 users. The startup’s platform has helped Canadian tech startups like Manzil, Caary, and FrontFundr itself raise capital. Van Hoeken also sees a future where FrontFundr can help more public companies raise money using its platform. Over the longer-term, FrontFundr has ambitions to “spread [its] wings” across North America and into the United States. See:  Fintech Fridays EP57: 10 Years of Investment Crowdfunding: Past, Present & Future Since ...
Read More
FrontFundrs team Sep 2022 - Global Governance Insights on Emerging Risks
Coinsmart | Release | Sep 22, 2022 TORONTO, Sept. 22, 2022 /CNW/ - CoinSmart Financial Inc. ("CoinSmart" or the "Company") (NEO: SMRT) (FSE: IIR), announced today that it has entered into a definitive agreement dated September 22, 2022 (the "Purchase Agreement") with Coinsquare Ltd. ("Coinsquare"), a leading Canadian crypto asset trading platform, pursuant to which CoinSmart has agreed to sell to Coinsquare all of the issued and outstanding shares of its wholly-owned operating subsidiary Simply Digital Technologies Inc. ("Simply Digital") (the "Transaction"). The acquisition and integration of these two businesses will establish Coinsquare as one of Canada's largest crypto asset trading platforms with a diversified and compliant offering across various business lines, including both retail and institutional trading, crypto payment processing, and digital asset custody. CoinSmart will hold approximately 12% ownership in Coinsquare on a pro-forma basis. The combined company has transacted over $10 billion since January 2018, and will have over $350 million in assets under custody with a combined user base in excess of 1 million. See:  FINTECH FRIDAY$ (EP23-Feb 1): Getting Smart About Crypto and Insurtech Snapchat Models – Interview with Justin Hartzman, Co-founder and CEO of Coinsmart Crypto Exchange CoinSmart Co-Founders Justin Hartzman, Jeremy Koven, and ...
Read More
Coinsmart - Global Governance Insights on Emerging Risks
For Bitvo by Tristram Waye | Sep 22, 2022 Power of expectations and some broad elements that may impact your trading The deeper you get into the trading arena, the more you will notice the power of expectations.  Expectations shape pricing and the moves in response to news and events.  They shape how market participants reflexively respond and reposition which further influences prices and policies.  And that means that expectations affect your trading decisions. The Fed and the economic data:  We will be focused on the US because the Federal Reserve can be considered the world’s central bank.   These reports give some insight into the economic conditions taking place. Some of these have a lag. Others are more recent. And there are other reports that give more granular insights into business conditions and numerous other metrics.  See:  Should You Be Hedging Your Crypto Trading? These data points have varying relevance and importance based on circumstances in the real world. So one data point might be a focal point in one period and of little relevance in another. And, of course, there are seasonal trends in many data points. Right now, there is a focus on inflation. Inflation management falls to ...
Read More
Power of expectations - Global Governance Insights on Emerging Risks
NfX | Pete Flint | Sep 2022 Affordability issues breeding innovation:  Real estate has always been more than just the largest asset class in the world. It is the embodiment of home and work, family and business – the opportunity of generational wealth, writ large. The American dream.  One that has become increasingly out of reach to most Americans. Paths to ownership of real estate are expanding. What “ownership” even means is also expanding. Affordability and access to traditional home ownership has only eroded since the housing bubble in 2008, as lending standards tightened and home prices have soared in recent years. And yet, restriction breeds innovation and market changes create opportunity. From the front lines with proptech Founders, we’re seeing early signs of a real estate revolution. See:  Vancouver Proptech Startup addy Launches Canada’s First Crowdfunded Real Estate Investing App Real Estate 1.0: The Information Revolution:  The first phase of tech adoption in the home-buying process was Real Estate 1.0, an information revolution enabled by the internet. The problem was the lack of information about one of the most important financial decisions a person can make: buying or selling a home. Real Estate 2.0: The Transaction Revolution: Streamlining the ...
Read More
Real estate as a percentage of real assets - Global Governance Insights on Emerging Risks
TechCrunch | Carly Page | Sep 20, 2022 Fintech startup Revolut has confirmed it was hit by a highly targeted cyberattack that allowed hackers to access the personal details of tens of thousands of customers. Response: Revolut spokesperson Michael Bodansky told TechCrunch: an “unauthorized third party obtained access to the details of a small percentage (0.16%) of our customers for a short period of time.” Revolut discovered the malicious access late on September 11 and isolated the attack by the following morning.  We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected.  Customers who have not received an email have not been impacted." See:  Revolut executive resigns amid growing tensions with the FCA over banking license In a message sent to affected customers posted to Reddit, the company said that “no card details, PINs or passwords were accessed.” However, the breach disclosure states that hackers likely accessed partial card payment data, along with customers’ names, addresses, email addresses and phone numbers. How many customers:  first spotted by Bleeping Computer, the company says 50,150 customers were impacted by the breach, including 20,687 customers in the European Economic Area and 379 Lithuanian citizens. How did ...
Read More
Revolut  - Global Governance Insights on Emerging Risks
Bain & Company | Matt Harris, Adam Davis, Blake Adams, and Jeff Tijssen | Sep 12, 2022 A completely new proposition for financial services customers Research Overview: We set out to quantify the size, growth profile, and economics of the key offerings powering the rise of embedded finance, focusing on the US market. Consisting of over 50 interviews with industry practitioners, market experts, and analysts, as well as a synthesis of published data, this research also draws on our collective experience working with software platforms, enabling firms, and license and regulatory services providers. See:  Canadien blooming. The fertile “Valley” for finance innovation FLOW: OB, CAN Trends, Beyond OB: BaaS + Embedded Finance, tunl The rise of embedded finance marks a new era, not only for banking transactions but also for how consumers and businesses build and manage relationships with financial services more broadly. In 2019, we wrote about the burgeoning movement of fintech from a business model unto itself to a key ingredient in the software platform stack—the “fourth platform.” Customers benefit from contextual, seamless experiences; platforms can unlock new use cases and often use proprietary customer data to improve financial access, while reducing costs for their end customers. We ...
Read More
Embedded finance key markets 1 - Global Governance Insights on Emerging Risks
Guest Post | Sep 21, 2022 Bitcoin Short History Bitcoin was created in 2009 as a safe haven from government oversight. It was a developer’s response to the housing crash of 2008, using his knowledge of economics and cryptography. Although there are thousands of coins in the cryptocurrency market, Bitcoin has retained its significance in cross-border payment and is even made better with competition for the lowest fee bitcoin exchange. Thankfully, there are more advanced ways of profiting off the volatility of Bitcoin beyond the common buy-hold-sell strategy. Bitcoin options trading is one of these advanced methods. Are There Options on Bitcoin? Yes. Traders can buy options contracts to speculate on the future price of Bitcoin. For buyers, options offer a way to hedge their long positions and enjoy leverage at a capped loss. In contrast, options writers get to enjoy the flexibility and keep the premium if the options expire worthlessly. Bitcoin Call Options When you believe the price of Bitcoin will increase past a certain level, you can buy a call option. Your option will be exercised if Bitcoin increases past the price on/before the closing date. If, however, the price of Bitcoin does not touch your presumed ...
Read More
Options - Global Governance Insights on Emerging Risks
Investment Executive | Melissa Shin | Sep 19, 2022 As the country prepares to mark the second National Day for Truth and Reconciliation, Indigenous communities are calling on Canada’s capital markets to support the rebuilding of Indigenous economies. In June, more than 20 Indigenous organizations released the National Indigenous Economic Strategy, which contains immediate actions industry, governments and institutions can take to support Indigenous prosperity. The strategy argues that Indigenous prosperity is tied to Canada’s prosperity, citing 2016 research from the National Indigenous Economic Development Board that found economic marginalization of Indigenous peoples costs the economy $27.7 billion each year, or 1.5% of GDP. Actions specific to the financial services industry include mandating the disclosure of Indigenous procurement and requiring that publicly traded companies report on Indigenous employment and contracting. Mark Sevestre, founding member and senior advisor to the National Aboriginal Trust Officers Association (NATOA), said institutional investors — Indigenous and non-Indigenous alike — also are demanding that companies improve their relationships with Indigenous communities. NATOA advised on the Indigenous economic strategy. Video:  OneFeather - Redefining the Indigenous Experience through Innovation and Tradition In June 2021, a bill stating that all Canadian law must be consistent with the United Nations ...
Read More
Indigenous and first nations - Global Governance Insights on Emerging Risks
Sep 20, 2022 Recent timeshave been exceptionally difficult for self-employed people. According to Forbes, who have profiled a recent research report, a staggering 92% of small business owners have experienced mental health problems over the past two years. Of this, 40% believe that their mental health recovery will take significantly longer than any potential financial recovery due to the downturn. This is an extremely worrying trend and one that has a financial and, more importantly, a human cost. For entrepreneurs, it can be hard to disengage and take a new perspective of their wellbeing; but doing so can be crucial in maintaining long-term physical - and financial - health. Getting ahead of issues Stress is often identified by entrepreneurs from a sense of trepidation when confronting key issues. Therefore, the most important early strategy to prevent burnout is to tackle any situation that might create a trigger for worsening mental health. For small business owners, one of the most common sources of stress is legal negotiations. Whether through negotiating a contract with suppliers or navigating the world of compliance, legal considerations have the potential to create huge time constraints and inflict financial damage - making them a primary source of stress. The most important way ...
Read More
Entrepreneur meeting - Global Governance Insights on Emerging Risks

 


NCFA Jan 2018 resize - Global Governance Insights on Emerging RisksThe National Crowdfunding & Fintech Association of Canada (NCFA Canada) is a cross-Canada non-profit actively engaged with cryptocurrency, blockchain, crowdfunding, alternative finance, fintech, P2P, ICO, STO, and online investing stakeholders globally. NCFA Canada provides education, research, industry stewardship, services, and networking opportunities to thousands of members and subscribers and works closely with industry, government, academia, community and eco-system partners and affiliates to create a strong and vibrant crowdfunding and fintech industry. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: ncfacanada.org

Leave a Reply

Your email address will not be published. Required fields are marked *

14 + 5 =