Asia’s financial services industry must unite against the threat from cybercriminals

Mark Clancy says an overwhelming asymmetry in the cost of mounting cyberattacks and defending against them leaves an important sector of the Hong Kong economy at serious risk

Reading Time:3 minutes

Hewlett Packard employees work in the HP cyber defence centre in Boeblingen, Germany, to protect clients from cybercrime. Photo: EPA

Published: 11:59am, 12 Feb 2016Updated: 11:59am, 12 Feb 2016

As a key pillar of Hong Kong’s economy, the stability of our financial services industry is rightly taken very seriously. It is estimated that the industry directly contributes more than HK$300 billion or 16 per cent in value to Hong Kong’s GDP.

Yet, there is a growing threat that continues to place the operations of the financial services sector at risk, not only in Hong Kong but globally. This threat – cybercrime – is showing no signs of abating as cybercriminals continue to gain the upper hand due to the relatively low cost of launching cyberattacks and the high cost of defending against them.

Bank of America is one of many financial institutions repeatedly attacked by hackers. Photo: Reuters

For example, a lone hacker can rent the black-market tools online to bring down the website of a major bank for under US$1,000, yet that institution could be forced to spend more than US$1 million to defend itself against this attack. This is more alarming when you consider that one hacker can target multiple organisations using a single piece of malware. This major asymmetry in cost and effort leaves our financial services sector at risk.

One hacker can target multiple organisations using a single piece of malware

The cost of these attacks is clear – the Asia-Pacific cybersecurity market is expected to grow to almost US$33 billion by 2019, with an expected compound annual growth rate of 14.1 per cent between 2013 and 2019, according to figures from MicroMarketMonitor.

There are numerous drivers behind cyberattacks on financial institutions. The motivation usually falls into four buckets – financial gain through theft of money or information; politically motivated attacks by “hacktivists”; cyberespionage to steal secrets for economic or other advantage; and, destructive attacks that strike at the core of a business, such as the unprecedented 2014 attack on the Japanese electronics giant Sony.

A magazine with cartoons of US President Barack Obama, left, and North Korean leader Kim Jong-un at a bookstore in Seoul, South Korea. The United States imposed sanctions on North Korean government officials for a cyberattack against Sony, insisting that Pyongyang was to blame. Photo: AP

Unfortunately for the financial services sector, Sony-style attacks have become more prevalent, often rendering good cyberhygiene and fraud management tools impotent because cybercriminals are intent on damaging the business and its infrastructure rather than stealing money or data. We have seen these types of attacks in parts of Asia and the Middle East and it is concerning that they may become the “new normal”.

Cyber risk remains the No 1 concern globally for the financial services industry

Research repeatedly highlights the increasing risks posed by the actions of cybercriminals. The Depository Trust and Clearing Corporation’s (DTCC) latest systemic risk barometer shows that cyber risk remains the No 1 concern globally for the financial services industry, with 70 per cent of 400 respondents citing it as a top-five risk. A common theme was concern over the frequency and ability to manage attacks.

Select Voice

Choose your listening speed

Get through articles 2x faster

1.25x

250 WPM

Slow

Average

Fast

00:0000:00

1.25x