Regulators seek evidence when it comes to cyber security
31 January 2019
Cybersecurity standards are always changing, driven by the ever-increasing sophistication of attacks as well as the resulting evolution in regulatory requirements.
When it comes to security audits, financial regulators are increasingly focusing on evidence that the controls and procedures described in a firm’s security policies are actively followed. Some are examining whether technical controls are appropriately implemented, and are no longer satisfied with a ‘paperwork’-level examination.
In terms of reporting, recent regulatory changes have increased clarity about what types of security events need to be reported to the regulator, such as ransomware attacks and all customer data breaches. Shadowing these higher standards, fines and other enforcement penalties are expected to increase for violations, especially those involving data (privacy) breaches or stolen funds, which hurt the overall industry’s reputation.
For firms that have an active security program, these higher standards will require incremental adjustments. For firms still in the planning or documentation stage of implementing an effective security program, the gap between where they are and where they need to be is getting larger.
Join our cyber security briefing
To explore these changes, and the regulators’ expectations for 2019, we’re hosting a briefing session on 6 March 2019. We will be welcoming clients, contacts and key service providers in the cyber security world to our Chicago offices for an evening session to explore some of the solutions and processes like-minded firms are putting in place.
For more information please register here.