Monday, 20.11.2017, 08:41

Cyber-attacks can do immense harm

Responsible author: Carlo Marino, Rome, 08.08.2017, 09:36
Press section of: Dr. Carlo Marino

Rome [ENA] Cyber-attacks can do immense harm to the businesses of companies, above all banks, insurers and pension schemes. Victims can lose substantial sums of money, and such attacks can damage reputations and poison relations with clients. A well-known example is the Bangladesh Bank robbery of 2016, when hackers managed to steal an estimated $81m (€73m) from the Bangladesh central bank’s account at the Federal Reserve Bank of New York. It could have been worse. The original plan was to steal almost $1bn, but a sharp-eyed Deutsche Bank employee detected a spelling mistake in the transaction’s documentation and the trick was discovered.

The authorities are also strengthening regulations connected with cybersecurity. In the EU, the General Data Protection Regulation (Regulation (EU) 2016/679) is coming into force in May 2018. The new EU data protection regime extends the scope of EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations.

However, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover. In the US, the president has issued an executive order commanding a review of the country’s cybersecurity capabilities. Other countries too, including China, are improving their cybersecurity defences. Financial institutions should take cyber threats seriously but they should not lose their nerve. The days are long gone when a firewall and some anti-virus software were considered a satisfactory shield. Technology is becoming more and more advanced and criminals are devising new ways of penetrating systems.

Pension trustees, for example, feel exposed on data protection and cybersecurity issues, according to a recent survey. UK audit firm Crowe Clark Whitehill surveyed 145 pension professionals on risk management issues and found a divergence of views on the importance of cybersecurity. Data protection and cybersecurity issues ranked in the top five risk concerns, behind funding volatility, employer covenant strength and investment issues. However, there is a significant difference in views between small and large schemes. Small schemes – defined as having less than £100m (€110.5m) in assets – were more prone to outsource activities to third parties, and so would assume these parties to be responsible for data security.

The survey found an awareness within schemes that the personal data they hold is a valuable commodity and that they need to act to guarantee the protection of their members’ information. Most trustees are at ease managing financial and regulatory risks, but many of them feel exposed to non-traditional risks such as cybersecurity. More work is needed to educate pension trustees on managing non-traditional risks which impact pension schemes. The conclusions follow a major cyberattack that hit UK institutions including the National Health Service earlier this year. The incident raised concerns about firms’ awareness of data security.

Today, the UK’s Department for Digital, Culture, Media and Sport (DCMS) announced that it would be adopting the EU’s General Data Protection Regulation (GDPR) into its statute book. The rules specify 11 mandatory clauses and a series of other actions to be included in contracts with third parties governing the protection of data. It is highly unlikely that existing contracts contain all of the compulsory clauses, and trustees/managers will therefore need to organize contract reviews and seek amendments.

Trustees/managers need to review their processes for protecting their companies and preventing data breaches. Data intrusions must be detected, isolated, reported and remedied appropriately, and these processes must be properly documented. A “robust” cybersecurity policy has to become a key support, for example, for pension schemes, and one should therefore prioritize GDPR, which makes companies handling data more accountable for personal privacy rights. Organizations carrying out high-risk data processing will be obliged to conduct impact assessments in order to understand the risks involved.

The author is responsible for the article and also holds the copyright. Editorial content from European-News-Agency may be quoted on other websites provided the quotation makes up no more than 5% of the total text, is marked as a quotation, and the source is named (linked).