Financial services firms ‘readying for tougher cybersecurity rules’

A survey of nearly 200 senior financial services professionals by corporate finance advisor Duff & Phelps suggests that 86% of firms intend to increase the time and resources they spend on cybersecurity over the next year.

D&P comments that the results show that firms are preparing to implement more stringent cybersecurity measures in response to increasing regulatory scrutiny and growing pressure to protect investor information.

The survey canvassed opinion from 183 senior financial services executives, compliance professionals and investment managers operating in the US, Europe and Asia. It was conducted in conjunction with D&P’s fifth annual Global Regulatory Outlook report, and respondents were contacted in Q1 2017.

Two in three financial services firms expect cybersecurity to be a priority for regulators this year, and 31% believe it will be the most important priority for regulators.

Nearly four out of 10 firms (39%) also believe regulators intend to increase scrutiny on financial crime and know-your-customer (KYC) compliance departments, an area which is increasingly converging with cybersecurity as regulators expect firms to take a holistic view of cyber threats.

In addition, 62% of financial services professionals believe that the US Securities and Exchange Commission’s (SEC) proposed rules to enhance information reported by investment advisers will impact their firm. In response to high profile cyberattacks in recent years, some firms are now required to adopt written policies to protect their clients’ private information and must implement processes to protect against future cyberattacks.

“With the British Government introducing a new cybersecurity strategy in November 2016 and the White House currently reviewing US cybersecurity strategy, it is clear that cybersecurity will be a top priority for regulators, governments and financial institutions alike in 2017,” comments D&P.

“Cybersecurity is at the top of the agenda for financial services firms today,” added Jason Elmer, managing director, compliance and regulatory consulting at D&P. “In the wake of high profile cyberattacks, many are anticipating clearer and more punitive cybersecurity regulation to be implemented.

“Firms are proactively looking to strengthen cyber defences as a result, and this is an opportunity for regulators to collaborate with financial institutions to form new rules. What’s also clear is that commercial pressures from investors concerned about the security of their sensitive data will accelerate any attempt to improve cybersecurity measures. For all these reasons, 2017 is set to be a watershed year for cybersecurity regulation.”

Jake Summerfield, managing director of The Network Group, which holds an annual security network for chief information security officers (CISOs), added: “Nowhere is this recognition of the cyber-threat clearer, or the risks higher, than in financial services. In our annual survey of CISOs and information security professionals from the industry, 53% said they would actively invest in data security and integrity measures to combat a potential data breach.

“If banks, insurers and pension providers are taking their responsibility to protect data seriously, as this research shows, it’s likely that we’ll continue to see even more firms listening to their network security professionals and investing in cyber-security measures to ensure they remain compliant.”

