A Managed Services Provider (MSP) of outsourced IT has warned that the banking industry cannot afford to wait for cyber security standards to emerge from the UK Government, after calls for greater regulation on cyber security in the sector.
Earlier this month, Richard Benham, chairman of the National Cyber Management Centre, said that there would be a loss of confidence in the banking system in 2017 after a predicted cyber-attack on a major bank, stating that more formal regulation of cyber security is needed as a result. He said that although Bank of England guidance on the issue already exists, banks are largely left to their own devices and that mandated standards around cyber security should be introduced.
Phil Bindley, CTO of The Bunker, said that the introduction of new cyber security standards should be welcomed as information security is an issue for the financial services sector, from fintech start-ups to longstanding banks. However, considering that new standards can often take years to refine, financial services companies must get their security in order now, if they wish maintain the integrity of all data within their organisation and safeguard customer trust, he said.
Phil Bindley said: “The threats facing the financial services industry grow by the day so the introduction of new cyber security standards for the industry would, in principle, be very welcome. Standards are key to arriving at a common framework for the new wave of financial services, encouraging end user confidence and establishing the foundation for further innovation. But the challenge is that standards take years to emerge and longer to perfect, so it’s critical that financial services firms don’t wait around for new standards to form. It’s important that they can get to grips with their information security now, while the standards-setters work in the background.
“A further consideration is whether or not the new standards should be mandated. Where standards are mandated, organisations tend to do the minimum needed to comply and there’s a risk this would be the case in the finance industry. The situation is different when compliance is voluntary, as this often results in organisations going over and above what’s required. A preferable approach might be to allow the industry to regulate itself, so shining examples can reap the market rewards for their efforts. Moreover, the financial services industry is moving at such a pace that by the time standards arrive, there’s a chance that they’ll no longer be fit-for-purpose. In short, there’s no time to waste.” he continued.
The Bunker is hosting events on financial services. The first, presented by Phil Bindley on January 27, was about the importance of information security in the financial services sector and how this stands to act as a business enabler. As almost every Fintech company handling data that will be subject to the General Data Protection Regulation (GDPR), Simon Loopuit, CEO and founder of trust-hub, hosted a conversation about the GDPR in a business context.
Phil Bindley added: “Ultimately, embracing information security in all aspects of any business will certainly bring a competitive advantage, not least for the financial services sector. However, there’s a perception, particularly among more agile organisations, that information security is a hindrance to innovation, when in fact it’s a major business enabler that helps companies to manage risk and to protect their brand. In order to compete at the forefront of the financial services environment, companies will have to demonstrate the robustness of their infrastructure, platform and software to ensure they are not introducing any degree of risk into this sector. With the GDPR swiftly arriving, with implications for almost every Fintech company, it’s never been more crucial for organisations to get their houses in order. I look forward to discussing this topic further at the first instalment of our financial technology event series.”
