Global Governance Insights on Emerging Risks

Bleu Azur Consulting | June 17, 2018

Direct and indirect costs of cyberattacks - Global Governance Insights on Emerging RisksA HEIGHTENED FOCUS ON RESPONSE AND RECOVERY

Over a third of directors of US public companies now discuss cybersecurity at every board meeting. Cyber risks are being driven onto the agenda by

  • high-profile data breaches,
  • distributed denial of services (DDoS) attacks,
  • and rising ransomware and cyber extortion attacks.

The concern about cyber risks is justified. The annual economic cost of cyber-crime is estimated at US$1.5 trillion and only about 15% of that loss is currently covered by insurance.

MMC Global Risk Center conducted research and interviews with directors from WCD to understand the scope and depth of cyber risk management discussions in the boardroom. The risk of cyberattack is a constantly evolving threat and the interviews highlighted the rising focus on resilience and recovery in boardroom cyber discussions. Approaches to cyber risks are maturing as organizations recognize them as an enterprise business risk, not just an information technology (IT) problem.

However, board focus varies significantly across industries, geographies, organization size and regulatory context. For example, business executives ranked cyberattacks among the top five risks of doing business in the Asia Pacific region but Asian organizations take 1.7 times longer than the global median to discover a breach and spend on average 47% less on information security than North American firms.

REGULATION ON THE RISE

Tightening regulatory requirements for cybersecurity and breach notification across the globe such as

  • the EU GDPR,
  • China’s new Cyber Security Law,
  • and Australia’s Privacy Amendment,

are also propelling cyber onto the board agenda. Most recently, in February 2018, the USA’s Securities and Exchange Commission (SEC) provided interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Regulations relating to transparency and notifications around cyber breaches drive greater discussion and awareness of cyber risks. Industries such as

  • financial services,
  • telecommunications
  • and utilities,

are subject to a large number of cyberattacks on a daily basis and have stringent regulatory requirements for cybersecurity.

See:  Bithumb $31 Million Crypto Exchange Hack: What We Know (And Don’t)

Kris Manos, Director, KeyCorp, Columbia Forest Products, and Dexter Apache Holdings, observed, “The manufacturing sector is less advanced in addressing cyber threats; the NotPetya and WannaCry attacks flagged that sector’s vulnerability and has led to a greater focus in the boardroom.” For example, the virus forced a transportation company to shut down all of its communications with customers and also within the company. It took several weeks before business was back to normal, and the loss of business was estimated to have been as high as US$300 million. Overall, it is estimated that as a result of supply chain disruptions, consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities reportedly suffered, in aggregate, over US$1 billion in economic losses from the NotPetya attacks. Also, as Cristina Finocchi Mahne, Director, Inwit, Italiaonline, Banco Desio, Natuzzi and Trevi Group, noted, “The focus on cyber can vary across industries depending also on their perception of their own clients’ concerns regarding privacy and data breaches.”

LESSONS LEARNED: UPDATE RESPONSE PLANS AND EVALUATE THIRD-PARTY RISK

The high-profile cyberattacks in 2017, along with new and evolving ransomware onslaughts, were learning events for many organizations. Lessons included the need to establish relationships with organizations that can assist in the event of a cyberattack, such as l

  • aw enforcement,
  • regulatory agencies and recovery service providers
  • including forensic accountants and crisis management firms.

Many boards need to increase their focus on their organization’s cyber incident response plans. A recent global survey found that only 30% of companies have a cyber response plan and a survey by the National Association of Corporate Directors (NACD) suggests that only 60% of boards have reviewed their breach response plan over the past 12 months. Kris Manos noted, “[If an attack occurs,] it’s important to be able to quickly access a response plan. This also helps demonstrate that the organization was prepared to respond effectively.”

Experienced directors emphasized the need for effective response plans alongside robust cyber risk mitigation programs to ensure resilience, as well as operational and reputation recovery. As Jan Babiak, Director, Walgreens Boots Alliance, Euromoney Institutional Investor, and Bank of Montreal, stressed, “The importance of the ’respond and recover’ phase cannot be overstated, and this focus needs to rapidly improve.”

Directors need to review how the organization will communicate and report breaches. Response plans should include preliminary drafts of communications to all stakeholders including customers, suppliers, regulators, employees, the board, shareholders, and even the general public. The plan should also consider legal requirements around timelines to report breaches so the organization is not hit with financial penalties that can add to an already expensive and reputationally damaging situation. Finally, the response plan also needs to consider that normal methods of communication (websites, email, etc.) may be casualties of the breach. A cyber response plan housed only on the corporate network may be of little use in a ransomware attack.

Other lessons included the need to focus on cyber risks posed by third-party suppliers, vendors and other impacts throughout the supply chain. Shirley Daniel, Director, American Savings Bank, and Pacific Asian Management Institute, noted, “Such events highlight vulnerability beyond your organization’s control and are raising the focus on IT security throughout the supply chain.” Survey data suggests that about a third of organizations do not assess the cyber risk of vendors and suppliers. This is a critical area of focus as third-party service providers (e.g., software providers, cloud services providers, etc.) are increasingly embedded in value chains.

More:  The growing cost of cybersecurity

FRUSTRATIONS WITH OVERSIGHT

Most directors expressed frustrations and challenges with cyber risk oversight even though the topic is frequently on meeting agendas. Part of the challenge is that director-level cyber experts are thin on the ground; most boards have only one individual serving as the “tech” or “cyber” person. A Spencer Stuart survey found that 41% of respondents said their board had at least one director with cyber expertise, with an additional 7% who are in the process of recruiting one. Boards would benefit from the addition of experienced individuals who can identify the connections between cybersecurity and overall company strategy.

A crucial additional challenge is obtaining clarity on the organization’s overall cyber risk management framework. (See Exhibit 1: Boards Need More Information on Cyber Investments.) Olga Botero, Director, Evertec, Inc., and Founding Partner, C&S Customers and Strategy, observed, “There are still many questions unanswered for boards, including:

  • How good is our security program?
  • How do we compare to peers?

There is a big lack of benchmarking on practices.” Anastassia Lauterbach, Director, Dun & Bradstreet, and member of Evolution Partners Advisory Board, summarized it well, “Boards need a set of KPIs for cybersecurity highlighting their company’s

  • unique business model,
  • legacy IT,
  • supplier and partner relationships,
  • and geographical scope.”

Nearly a quarter of boards are dissatisfied with the quality of management-provided information related to cybersecurity because of insufficient transparency, inability to benchmark and difficulty of interpretation.

EFFECTIVE OVERSIGHT IS BUILT ON A COMPREHENSIVE CYBER RISK MANAGEMENT FRAMEWORK

Organizations are maturing from a “harden the shell” approach to a protocol based on understanding and protecting core assets and optimizing resources. This includes the application of risk disciplines to assess and manage risk, including quantification and analytics. (See Exhibit 2: Focus Areas of a Comprehensive Cyber Risk Management Framework.) Quantification shifts the conversation from a technical discussion about threat vectors and system vulnerabilities to one focused on maximizing the return on an organization’s cyber spending and lowering its total cost of risk.

Cyber risk management process - Global Governance Insights on Emerging Risks

See:  FSB warns of third-party FinTech risk

Directors also emphasized the need to embed the process in an overall cyber risk management framework and culture. “The culture must emphasize openness and learning from mistakes. Culture and cyber risk oversight go hand in hand,” said Anastassia Lauterbach. Employees should be encouraged to flag and highlight potential cyber incidents, such as phishing attacks, as every employee plays a vital role in cyber risk management. Jan Babiak noted, “If every person in the organization doesn’t view themselves as a human firewall, you have a soft underbelly.” Mary Beth Vitale, Director, GEHA and CoBiz Financial, Inc., also noted, “Much of cyber risk mitigation is related to good housekeeping such as timely patching of servers and ongoing employee training and alertness.”

Boards also need to be alert. “Our board undertakes the same cybersecurity training as employees,” noted Wendy Webb, Director, ABM Industries. Other boards are putting cyber updates and visits to security centers on board “offsite” agendas.

Continue to the full article --> here

 

Click for News:

latest news - Global Governance Insights on Emerging Risks

 

Betakit | Isabelle Kirkwood | Oct 19, 2020 A collection of innovation-focused organizations in British Columbia (BC) are pushing the federal and provincial governments to bring the Ontario-focused Scale-Up Platform out west, BetaKit has learned. The group is seeking funding from both the federal and provincial governments, with an ask of $31 million from Western Economic Diversification, the federal government’s regional development agency (RDA) for Western Canada. The group, which consists of 11 innovation organizations, is looking to use the funding to support high-potential companies in BC. See:  ‘We don’t have enough money’: Tech leaders debate constraints at Vancouver Startup Week The 11 innovation organizations pitching the governments include Vancouver-based groups like the BC Tech Association, SFU venture labs, and Entrepreneurship at UBC. Regional organizations onboard include Accelerate Okanagan, Nanaimo’s Innovation Island, Kamloops Innovation Center, and Victoria-based VIATEC, among others. Jill Tipping, CEO of the BC Tech Association, told BetaKit the hope is that capital for a BC Scale-Up initiative will be included in the federal 2021 budget. The organizations claim the funding would allow them to pool their resources and offer tailored services and programming to various high-potential companies in their respective communities. Ontario’s four-year Scale-Up initiative was launched ...
Read More
Vancouver - Global Governance Insights on Emerging Risks
Forbes | Dennis Mitzner | Oct 20, 2020 In the last 10 years, the global retail industry has been hit by a debilitating concoction of technological disruptions and competitive challenges. From issue-based brand boycotts to rapidly changing customer expectations, many of these challenges have disproportionately affected the brick-and-mortar retail market. Even before the current global pandemic, it was becoming increasingly clear that traditional brick-and-mortar retailing was entering a period of protracted decline. Now, faced with volatile trading conditions and intensifying competition from e-commerce platforms, brick-and-mortar vendors have found it increasingly difficult to keep up with online retail giants like Amazon and Alibaba. Unless this trend can be reversed, UBS analysts estimate that 75,000 brick-and-mortar stores could be forced into closure by 2026. Sadly, the outbreak of COVID-19 has accelerated rather than reversed existing trends in the industry. In addition to shuttering main street malls and driving down store-based foot traffic, the pandemic has also encouraged traditional retail shoppers to seriously enter the online market, driving a fresh wave of consumers straight into the ever more sophisticated marketing strategies and advertising funnels employed by e-commerce platforms and online retailers. See:  Big Tech takes aim at the low-profit retail-banking industry As traditional ...
Read More
retail and the underbanked opportunity - Global Governance Insights on Emerging Risks
KABN and KABN Kash | Release | Oct 20, 2020 TORONTO, ON / ACCESSWIRE / October 20, 2020 / KABN Systems NA Holdings Corp. (CSE:KABN) (the "Company" or "KABN North America"), a Canadian Fintech company that specializes in continuous online identity verification, management and monetization in Canada and the U.S., is pleased to announce that it has signed an agreement with BOON Rewards Inc. (www.getboon.com) ("BOON") to provide its online KABN KASH cashback and loyalty rewards program (www.kabnkash.com) on a white label basis for BOON's growing list of card linked program clients in the financial services, insurance and real estate sectors. Currently, BOON's clients reach over 11.5 million Canadians. BOON's Card Linking platform utilizes VISA & MasterCard Verified Point of Sale transaction protocols to create Partner Powered Rewards Programs. BOON combines seamless card linked offers and the buying power of large groups to deliver deeper, actionable intelligence for merchants as well as richer rewards for consumers. Working with KABN KASH, BOON can additionally enable these consumers to receive cashback for online shopping at hundreds of major online retailers. This creates additional value for their consumers, clients, BOON, and KABN North America. See:  KABN North America and Loop Insights Partner to ...
Read More
KABN cash reward program - Global Governance Insights on Emerging Risks
CIO | Oct 19, 2020 Study finds ‘little evidence’ of consistent ESG over-performance in recent years. A new report from the Organization for Economic Co-operation and Development (OECD) said that while “loosely defined” metrics seem to indicate that environment, social, and governance (ESG) investing provides superior returns, “a more in-depth analysis suggests that financial performance based on ESG ratings is mixed and there is little evidence of consistent over-performance in recent years.” The 2020 edition of the OECD’s annual business and finance outlook focuses on the ESG factors that it said are “rapidly becoming a part of mainstream finance.” The report evaluates current ESG practices and identifies priorities and actions to align investments with sustainable, long-term value, such as the need for more consistent, comparable, and available ESG performance data. “ESG ratings and investment approaches are constructive in concept, and potentially useful in driving the disclosure of valuable information on how companies are managed and operated in reference to long-term value creation,” said the report. However, it added that “current market practices, from ratings to disclosures and individual metrics, present a fragmented and inconsistent view of ESG risks and performance.” The report said that while institutional investors looking to manage ...
Read More
ESG opportunities and challenges - Global Governance Insights on Emerging Risks
CIBC Press Release | Oct 20, 2020 Bond will help finance assets, businesses and projects that shape a more sustainable economy TORONTO, Oct. 19, 2020 /CNW/ - CIBC (TSX: CM) (NYSE: CM) announced today a USD$500 million, five-year green bond to help finance new and existing green projects, assets, and businesses that mitigate the risks and effects of climate change, including: renewable energy, green buildings, clean transportation, natural resource conservation, biodiversity conservation, energy efficiency, and pollution prevention and control. "As a leading renewables financer and advisor in North America, we are proud to help mobilize capital and develop market-based solutions to support investments that shape a more sustainable future," said Roman Dubczak, Managing Director and Head, Global Investment Banking, CIBC Capital Markets. See:  Podcast: How blockchain could revolutionize green finance in Asia "Our clients are increasingly investing in the sustainability of their operations, and our green bond issuance supports these efforts while meeting the growing demand for environmentally responsible investments." This marks the bank's inaugural green bond issued under CIBC's Green Bond Framework. The Framework is in line with International Capital Market Association (ICMA) Green Bond Principles 2018 and has been reviewed by Sustainalytics, an independent provider and global leader ...
Read More
Green bonds - Global Governance Insights on Emerging Risks
Cointelegraph | Helen Partz |Oct 19, 2020 The U.S. already has a “safe and active dynamic domestic payment system,” Powell argued. The United States will not be issuing a digital dollar until the Federal Reserve resolves all questions around a potential central bank digital currency, or CBDC, according to the Fed's chairman, Jerome Powell. Powell claimed that he is not worried about other countries having a first-mover advantage when it comes to issuing CBDCs. Speaking at a Monday panel on cross-border payments hosted by the International Monetary Fund, Powell said: "We have not made a decision to issue a CBDC, and we think there’s a great deal of work yet to be done. [...] In fact, I actually do think that CBDC is one of those issues where it’s more important for the United States to get it right than it is to be first.” Powell elaborated that “getting it right” means that the U.S. is not only looking at the potential benefits of a CBDC but also the potential risks — particularly given the fact that the U.S. dollar is the world’s reserve currency. See:  US Federal Reserve Actively Working on Digital Dollar The official noted that countries around the ...
Read More
CBDC - Global Governance Insights on Emerging Risks
FCA Insight | Tony Curzon Price, Chris Gee, Graeme Reynolds and Eric Morrison | Oct 16, 2020 Data sharing is capable of bringing wider societal benefits Access to data is increasingly important in ensuring that financial markets work effectively for consumers. It helps firms supply the services customers need and want, it allows more tailored and innovative services to be developed, and it helps consumers seek out the best firms, and firms seek out the most appropriate consumers. Here, we focus on the potential positive externalities of data sharing and how we might unlock the wider value of data, while also being mindful of the challenges highlighted in the previous Insight article. Data can have the characteristics of a public good – it creates benefits for society as a whole and those benefits increase the more data is used and the more widely it is dispersed. See:  Lagging regulation, consumer trust inhibiting FinTech adoption in Canada Data has been described as the ‘new oil’, but in one regard it is quite unlike other commodities. Data is not ‘used up’ when it is accessed or exploited. This can mean that, from a common good perspective, it can be efficient to make data ...
Read More
Data trust and technology - Global Governance Insights on Emerging Risks
NCFA Canada | Oct 16, 2020 JOIN US ON A STORYTELLING JOURNEY EVERY FRIDAY. EP44:  The Vanguard of Digital Innovation and Ecosystems in Canada Guests: RICHARD REMILLARD, President, RCG Group (LinkedIn) ROBIN FORD, Principal, Robin Ford Consulting (LinkedIn) DAVID LUCATCH, Co-Founder and CEO, KABN Systems North America (LinkedIn) LYNN JOHANNSON, Owner, E2 Management Corporation (LinkedIn) About this episode: Join us for a special Episode 44 where Craig Asano sits down with a panel of NCFA Advisors and members who discuss the vanguard of digital finance and it's ability to fund, develop and scale digital innovations in green finance, digital identity and other emerging ecosystem opportunities in Canada. Are success stories like Wealthsimple and Shopify repeatable? Covid has afforded us all the time to take stock on the past and present while considering a relaunch of the future. Will Canada get it right? NCFA Canada · EP 44 The Vanguard of Digital Innovation and Ecosystems in Canada Subscribe and tune in each Friday to check out the latest movers and shakers in fintech. Listen to more podcasts here: Season 1 | Season 2 | Season 3 Fintech Friday Transcript of Episode 44:   Intro: Welcome to fintech Friday's a weekly podcast brought to ...
Read More
FF EP44 with NCFA Advisors banner 2 - Global Governance Insights on Emerging Risks
RCG Group | Richard Remillard and Michael  Scholz | Oct 15, 2020 Background:  Access to Capital for Scale-ups Canada has an SME and start-up ecosystem that is healthy in many respects, ranking second globally in ease of starting a business, but seemingly falls in short scaling growing businesses into globally competitive anchor firms, as fewer than 2% of Canadian mid-sized firms grow into large firms in any given year.1 As a result, SM Es account for about 90% of business sector employment in Canada2 versus 47% in the United States3, a fact that accounts for about 20% of the labour productivity gap between Canada's business sector and that of the United States. Ambitious, medium-sized firms require access to affordable sources of growth capital to be able to invest in activities (e.g. hiring talent, building infrastructure, and developing new technology) necessary to grow into globally competitive leaders. Evidence of stronger demand for such growth equity has been noted by the BOC, which expects its Growth & Transition Capital offerings to increase by 8% annually through fiscal 2024. See:  Ontario’s Capital Markets Modernization Task force report draws criticism Despite this, the financing challenges and opportunities surrounding medium-sized, higher-growth companies generally remain poorly ...
Read More
Canadian 100 dollar bills - Global Governance Insights on Emerging Risks
BlacBiblio | Jo-Ann DaPonte | Oct 15, 2020 I am hoping that you, like me, want to redeem 2020 by making a positive impact in the lives of children and teens! Finding out about the campaign to bring The ABC's of Canadian Black History Kit ONLINE inspired me to do my part to ensure that our kids can see themselves in the positive, real stories of Black Canadians and that their teachers can equip them to think critically about what they see today, and tomorrow, and to act purposefully!    I immediately decided to support the campaign and share with my friends and family. The kit is the ONLY turnkey resource that’s available in Canada and every teacher needs it to easily plan and deliver engaging lessons and activities that kids excited about learning their history AND ready to talk about the important issues like racism, discrimination, social justice and what’s going on in today’s world. Take a look at the kit on www.blacbiblio.com Do you share my commitment to ensuring that ALL future generations know the real history of the Black Canadians that helped build our country?  If so, please join me in supporting the campaign to Bring the ABC's of Canadian Black History ONLINE before February 2021’s Black History Month.  With the current ...
Read More
Canadian black history kit online - Global Governance Insights on Emerging Risks

 


NCFA Jan 2018 resize - Global Governance Insights on Emerging RisksThe National Crowdfunding & Fintech Association of Canada (NCFA Canada) is a cross-Canada non-profit actively engaged with cryptocurrency, blockchain, crowdfunding, alternative finance, fintech, P2P, ICO, STO, and online investing stakeholders globally. NCFA Canada provides education, research, industry stewardship, services, and networking opportunities to thousands of members and subscribers and works closely with industry, government, academia, community and eco-system partners and affiliates to create a strong and vibrant crowdfunding and fintech industry. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: ncfacanada.org