Asian regulators stepping up as cyberattacks increase: Deloitte

As worries grow over a financial cyber crisis, Asia's regulators are stepping up their efforts to tackle the risks while facing a number of challenges, said a Deloitte report released on Wednesday.

Some of the challenges are the lack of harmonised standards, outsourcing of IT services and shortage of IT security specialists and cyber professionals, it said.

And the most advanced countries in adopting the digital economy are also the most vulnerable to cyberattacks.

Generally, businesses operating in countries that have more advanced ICT (information and communication technology) infrastructure and a bigger digital economy face greater cyber risks, it said, citing 2016 research.

For example, Korea, Australia, Japan and Singapore have been found to be nine times more vulnerable to cyberattacks than other Asian economies.

It is not inconceivable that the next financial crisis would be triggered by a cyberattack, said Ravi Menon, managing director, Monetary Authority of Singapore, at a forum in March.

There is a need to develop the regulatory and supervisory capabilities to address these emerging threats, he said.

Cyber risk management will be the new frontier for global regulatory efforts and supervisory cooperation, said Mr Menon.

Across the globe and within Asia Pacific, cyberattacks are increasing in frequency and sophistication, said Deloitte. It estimated that the cost of cyber crime can be up to US$575 billion per year, and the financial services sector is a key target.

"The financial system relies on confidentiality of data, protection of deposits, and provision of critical services, and all of this has come under threat in recent years as the frequency of cyberattacks has increased," said Kevin Nixon, Deloitte global & Asia-Pacific leader, Centre for Regulatory Strategy.

Cyber risks are only set to increase as financial institutions (FIs) become more data-driven digital businesses, and as more financial services are delivered online, he said.

"If cyber risks and responses are not well managed, it could even threaten the stability of the financial system. Only those financial institutions who have robust cybersecurity and cyber risk management will be able to retain customers, maintain trust and enhance their competitive edge," he said.

In response to these risks, regulators are considering appropriate standards and supervisory tools, and are actively urging firms to enhance capabilities so as to address these emerging threats.

Regulation is developing across the region, although it is not uniform.

"As previously noted, regulatory approaches to cyber risk in APAC are varied and localised, with no significant steps taken yet toward harmonised standards across the region," the report said.

FIs struggle to understand the regulatory differences at a country level, to be aware of emerging threats and to design cyber risk programmes that are coherent and robust across jurisdictions.

Despite that, regulatory approaches are generally consistent in going beyond just security to focus on governance, vigilance and response.

The need to defend against outsourcing risk is an emerging and growing area of concern, in particular for those economies where IT services are widely contracted out to jurisdictions with weaker cybersecurity regimes, it said.

Another challenge for FIs operating in Asia Pacific is that organisations have a shortage of dedicated IT security specialists and cyber professionals, meaning they may have difficulty staying up to date with the pace of change in the cyber landscape.

Many financial institutions lack management recognition or understanding of the importance of cybersecurity and fail to adopt a coordinated approach across functions.

Not surprisingly, economies with different levels of cyber exposure and capacity address the issue differently.

The recent focus for financial services regulators in Japan, Hong Kong, Singapore and Australia has been to strengthen FIs' resilience, it said.

Korea is heavily dependent on cyber technology and has been actively amending its sophisticated framework from all dimensions, with a particular focus on controlling sensitive information. China and India have emphasised being secure. However, both are now moving towards developing FI vigilance and resilience.