Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label IT risks. Show all posts
IT risks
Banking Cyber Security Cyber Technology Cyberattacks CyberCrime Cyberthreats Digital Supply IT risks

EU Mandates Tougher Cybersecurity for Banking Sector

 


European Banks Strengthen Cybersecurity Amid Strict Regulations

European banks are being compelled to enhance their cybersecurity systems to comply with stringent regulations aimed at safeguarding critical infrastructure against cyber threats. The rise of digital tools in the financial sector has brought with it an urgent need for robust data protection systems and comprehensive cybersecurity measures.

Cyber risks remain a persistent challenge in the banking industry, with no signs of abatement. According to industry projections by Cybersecurity Ventures, global cybercrime costs are expected to escalate to a staggering $10.5 trillion annually by 2025. While these figures highlight the gravity of the issue, financial institutions have an opportunity to protect themselves from financial and reputational harm through the strategic implementation of dependable cybersecurity frameworks.

The Digital Operational Resilience Act (DORA)

On January 17, after a two-year implementation period, the Digital Operational Resilience Act (DORA) was signed into law. This legislation mandates financial services firms and their technology providers to enhance their resilience against cyberattacks and operational disruptions.

Under the new rules, financial institutions must:

  • Implement proactive risk management systems to identify and mitigate operational disruptions.
  • Establish rapid-response protocols to address technological challenges.
  • Conduct regular resilience tests to strengthen their digital defenses.
  • Continuously monitor and assess third-party IT risks across the supply chain.

The act affects over 22,000 institutions, including banks, digital banks, and cryptocurrency service providers. Non-compliance can result in fines of up to 2% of annual global revenue, with managers personally liable for breaches, facing penalties of up to €1 million.

Compliance with European cybersecurity regulations remains complex. Harvey Jang, Chief Privacy Officer and Deputy General Counsel at Cisco, notes that the financial sector operates under multiple overlapping regulations. These include the Network and Information Systems Directive (NIS), which focuses on critical infrastructure security, and the General Data Protection Regulation (GDPR), which standardizes data protection across the EU.

Each regulation introduces unique requirements, and national implementation adds further fragmentation. For instance:

  • The NIS Directive mandates member states to ensure high-security standards for critical infrastructure.
  • The GDPR emphasizes privacy, security, and breach management, significantly impacting financial institutions that control and process vast amounts of data.

DORA and NIS2: Strengthening EU Cybersecurity

DORA complements the updated NIS2 Directive, introduced in 2023 to address evolving cyber threats. Together, these regulations aim to bolster resilience across EU member states, ensuring financial institutions are prepared for the complexities of modern cyber threats.

However, a survey by Orange Cyberdefense revealed that 43% of UK financial institutions are still not fully compliant with DORA. Despite the UK’s departure from the EU, DORA applies to any financial institution operating within the EU, including those without an EU office.

Rising Awareness and Proactive Measures

Recent incidents, such as the 2024 Microsoft/CrowdStrike outage, have underscored the importance of proactive cybersecurity measures. These events have prompted organizations to allocate larger budgets to risk management teams and adopt a crisis-preparedness mindset.

"Forward-thinking organizations understand that it’s better to be prepared for crises when they occur, rather than if they occur," states the Boyle report. This shift in mindset has empowered companies to focus on readiness in an increasingly complex threat landscape.

The Role of High-Security Solutions

Companies like Salt, a Belfast-based cybersecurity firm, are addressing the growing need for high-security solutions. Salt serves industries such as finance, defense, and law enforcement in over 50 countries, including clients like BAE Systems and Mishcon de Reya.

Salt’s approach prioritizes customized, high-security communication systems that offer clients absolute control and exclusivity. “Our high-security clients demand systems that are independent and inaccessible once deployed — even to us,” explains Boyle. This assurance gives clients confidence and peace of mind in today’s complex threat environment.

As the financial sector navigates an increasingly digital and interconnected world, the importance of robust and proactive cybersecurity strategies cannot be overstated. Compliance with evolving regulations like DORA and NIS2 is critical to safeguarding financial institutions and maintaining trust in the industry.

Read more »
Risk Management
ATM Cyber Security Cyber Threats Digital Banking IT risks RBI Risk Management

RBI Issues Advisory to Support Cybersecurity in Banks


 

Amid escalating cyber threats, the Reserve Bank of India (RBI) has released a comprehensive advisory to all scheduled commercial banks. This advisory, disseminated by the Department of Banking Supervision in Mumbai, stresses upon the paramount importance of robust cybersecurity measures in the modern digital banking infrastructure.

The advisory highlights the crucial role of Corporate Governance in maintaining accountability within banks, emphasising that IT Governance is a key component of this framework. The RBI stresses that effective IT Governance necessitates strong leadership, a clear organisational structure, and efficient processes. Responsibility for IT Governance, the advisory states, lies with both the Board of Directors and Executive Management.

With technology becoming integral to banking operations, nearly every commercial bank branch has adopted some form of digital solution, such as core banking systems (CBS) and alternate delivery channels like internet banking, mobile banking, phone banking, and ATMs. In light of this, the RBI provides specific guidelines to banks for enhancing their IT Governance.

The RBI recommends that banks clearly define the roles and responsibilities of their Board and Senior Management to ensure effective project control and accountability. Additionally, it advises the establishment of an IT Strategy Committee at the Board level, comprising members with substantial IT expertise. This committee is tasked with advising on strategic IT directions, reviewing IT investments, and ensuring alignment with business goals.

The advisory also suggests structuring IT functions based on the bank’s size and business activities, with dedicated divisions such as technology and development, IT operations, IT assurance, and supplier management. Each division should be headed by experienced senior officials to manage IT systems effectively.

Implementing IT Governance PractiPracticehe RBI stresses the importance of implementing robust IT Governance practices aligned with international standards like COBIT (Control Objectives for Information and Related Technologies). These practices focus on value delivery, IT risk management, strategic alignment, resource management, and performance measurement.

Information Security Governance

Recognizing the critical nature of information security, the RBI advises banks to develop comprehensive security governance frameworks. This includes creating security policies, defining roles and responsibilities, conducting regular risk assessments, and ensuring compliance with regulatory requirements. The advisory also recommends that the information security function be separated from IT operations to enhance oversight and mitigate risks.

Risk Management and Compliance

The RBI underscores the necessity of integrating IT risks into banks’ overall risk management frameworks. This involves identifying threats, assessing vulnerabilities, and implementing appropriate controls to mitigate risks. Regular monitoring and oversight through steering committees are essential to ensure compliance with policies and regulatory standards.

The RBI’s advisory serves as a crucial reminder for banks to strengthen their cybersecurity defences amidst growing digital threats. By adopting robust IT Governance and information security frameworks, banks can enhance operational resilience, protect customer data, and safeguard financial stability. Adhering to these guidelines not only ensures regulatory compliance but also bolsters trust and confidence in the banking sector.

As technology continues to play an increasingly pivotal role in banking, the RBI urges banks to remain vigilant against emerging threats. Proactive measures taken today will help secure the future of banking operations against cybersecurity challenges. For detailed guidelines, banks are encouraged to refer to the official communication from the Reserve Bank of India.


Read more »
Subscribe to: Posts (Atom)