Regulators across APAC are improving their supervisory capabilities in order to tackle cyber risk, with an increased number of cyber-attacks and date breaches along with the major threat caused to the financial system when this occurs, a report from Deloitte said.
The “Cyber regulation in Asia Pacific” report provided an overview of recent regulations relating to cyber risk in seven jurisdictions—China, Hong Kong, South Korea, Japan, Singapore, Australia and India.
The report noted that the regulatory trend in many parts of APAC and among supranational regulators is to cyber resilience. This approach accepts the inevitability of cyber-attacks, and instead, places focus on strengthening resilience by building holistic and dynamic enterprise-wide cyber risk programmes, securing perimeters and staying vigilant for emerging threats.
As well as this, the focus is also on industry and regulators collaborating to further develop cyber skills and expertise, foster common standards and approaches and support information sharing and facilitating coordinated responses to incidents and attacks.
The report highlighted three main challenges faced by APAC financial institutions (FI).
One of the main challenges is the FIs’ extensive interconnections and interdependence regionally, such as through the SWIFT interbank network and similar software used across the FIs. This means that any weakness in one FI could compromise others.
Secondly, although cyber threats cut across borders, cyber security regulation in the APAC region remains fractured and localised, with no significant moves toward harmonisation, a consequence of the diverse political, economic and socio-cultural background and different technological capabilities.
Thirdly, the report called out the generally lacking human resources capabilities. Organisations have a shortage of dedicated IT security professionals, which means they may have difficulty keeping up with changes in the cyber landscape. Many FIs lack management recognition of the importance of cyber security and fail to adopt a coordinated approach across functions.
The report provides an insight into firms developing a framework for overcoming these challenges and for strengthening cyber resilience, including keeping the board and executive level involved in cyber risk management, conducting regular vulnerability assessments and penetration testing and regularly engaging externally with peers and regulators to encourage information sharing, cooperative and coordinated responses and the development of harmonised standards.
Mr Kevin Nixon, Global & Asia-Pacific Leader, Centre for Regulatory Strategy, Deloitte said: "As financial institutions become more data-driven digital businesses and more financial services are delivered online, cyber risks are increasing. If these cyber risks and responses are not well managed, they could threaten the stability of the financial system.
“We believe that this means only those financial institutions with robust cyber security and cyber risk management will be able to maintain trust and enhance their competitive edge to retain customers."