Editorial
| Published date | 02 July 2019 |
| Pages | 666-668 |
| Date | 02 July 2019 |
| DOI | https://doi.org/10.1108/JFC-07-2018-0073 |
| Author | Richard Parlour |
Editorial
EU cybersecurity policy in the financial sector
With the inexorable rise of e-commerce comes the inexorable rise of the e-criminal.
Cybercrime is now the world’s fastest growing crime. It has leapt to number two of the top
ten business risks worldwide, fromnot even appearing in that list five years ago. For certain
countries, cyberattack is now the risk of greatest concern. Gone are the days of concern
about a low-level hack of a website by a script kiddie. Today’s attackers are multi-faceted
and increasing in sophistication, ranging from advanced persistent threats, corporate
espionage, organised crime and “hactivists”to cyberterrorists, ever more competent, and
ever better funded. Cybersecurity hasmoved from being a technical issue to a political and
boardroom issue. Financial markets are particularly important as they oil the wheels of all
member state economies.
So what should the prioritiesof cybersecurity be? There are three core themes to address:
(1)governance (at all of organisational, international and national levels);
(2)risk management (both contextually and intelligence driven); and
(3)capability (cybersecurity by design and by default, using a standard framework
applied to context).
Amid several large cyberattacksin 2017, the European Commission adopted its multi-sector
cybersecurity package. Nonetheless, a multitude of issues remain that the financial sector
needs to address to bolsterits resilience against current and future threats.
The EU Task Force on cybersecurity policy for the financialsector has recently released
its report (www.ceps.eu/system/files/TFRCybersecurityFinance.pdf) on the main issues at
play across the European financial sector, and they have come up with nine policy
recommendations to advance the effectiveness of cybersecurity. First, convergence in the
taxonomies of cyber-incidentsis needed, we clearly need to know what each other is talking
about, although this can be a challengewith tech speak. Second, the framework for incident
reporting needs to be significantly improved to contribute fully to financial institution
cyber-resilience. Third, cybersecurity data need to be shared and authorities should assess
how and to what extent data held by the centralised hub should be shared, and withwhom.
Fourth, ambitious policies are needed to develop consistent, reliable and exploitable
statistics on cyber-trends. Fifth, companies can do a lot themselves but best practices for
cyber-hygiene should be continuously enhanced. Sixth, the European Cybersecurity
Certification Scheme needs to be strengthened to contribute better to cybersecurity, cyber-
risk management and capability. Seventh, cybercrime is largely cross border, and the
reinforcement of cross-border cooperation and legal convergence remains a priority, both
within the EU and more widely. Eighth, best practices in remedies incase of cyberattacks
need to be further encouraged.Finally, policymakers should further assess the pros, cons
and feasibility of creating an emergency fund in case of large cyberattacks. Let’s look at
these in more detail.
A common taxonomy for cyber-incidents
A common taxonomy across regulations, jurisdictions and sectors should ease the
understanding of multi-country and multi-sector cyberattacks, and eventually strengthen
the quality of responses. Given the ever-changing nature of cyberspace, the reference
JFC
26,3
666
Journalof Financial Crime
Vol.26 No. 3, 2019
pp. 666-668
© Emerald Publishing Limited
1359-0790
DOI 10.1108/JFC-07-2018-0073
Get this document and AI-powered insights with a free trial of vLex and Vincent AI
Get Started for FreeStart Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting