Group Co.
Top Trends in Cybersecurity for 2018
Traders Magazine Online News, December 21, 2017
The year 2017 saw unprecedented change in the world of cyber – the number and scale of attacks grew significantly, while in many cases governments, regulators, and financial services firms were perceived to be scrambling to catch up. In 2018, the momentum around cybersecurity will accelerate in a range of ways – below are Cordium’s top five trends:
1- Cyber threats and the number of attacks will continue to grow. The numbers here can vary, but predictions are reaching in the neighborhood of $6 trillion in global cyberattack damage by 2021 according to data from Cybersecurity Ventures. This would make cybercrime larger, economically, than all of the drug trafficking in the world combined. As a result, according to Gartner, spending on cybersecurity is expected to hit $93 billion globally in 2018. In this Wild West, more White Hats are needed – there is a persistent cybersecurity skills shortage – which means the cost of hiring good people to help firms combat cybercrime will rise sharply. Of course, expect to see more spending on technology, and compliance infrastructure too.
2- Government focus on critical infrastructure resiliency — including the financial services industry — will increase. The May 2017 WannaCry ransomware attacks, which hit utilities, health care, and other critical infrastructure organizations around the world was a wake-up call for governments. Although work had already begun on addressing the vulnerability of critical infrastructure countries like the US and the UK, the very real impact of the virus turned what had seemed like a purely theoretical disaster movie scenario into something quite tangible. In October, the US Department of Homeland Security (DHS) and Federal Bureau of Investigation issued an alert warning of the possibility of an attack on critical infrastructure, and industry experts are predicting a range of potential attacks on critical infrastructure – from rogue states and criminals. For financial services firms, the stakes of getting cybersecurity wrong – in terms of both systemic risk and reputational risk – are very high indeed.
3- Rulemaking as well as enforcement on cybersecurity, data protection, incident reporting, and third party risk will continue to rise. New York State’s Department of Financial Services was out of the gate early in February 2017 with a set of ground-breaking cybersecurity rules, including a notification requirement. Since then, other US states have followed suit. In the EU, implementation of the General Data Protection Regulation (GDPR) for May 2018 is focusing minds. Financial services regulators are already beginning to crack down on compliance – for example, in the US, Securities and Exchange Commission examiners are asking to see tailored cybersecurity policies as well as evidence of implementation. Both the US and the UK are focusing supervisory efforts on third party risk – a significant element of cybersecurity. Expect to see significant enforcement actions in 2018 as regulators around the world signal just how serious they are. In terms of regulation, however, is just the beginning. Rulemaking in most jurisdictions hasn’t even touched topics such as the Internet of Things (IoT) or Artificial Intelligence (AI) – new tools that financial services companies – and cyber attackers – are already starting to make use of. As well, regulation around cryptocurrencies and biometrics is in its infancy.
For more information on related topics, visit the following channels:
Comments (0)