Asia’s financial services industry must unite against the threat from cybercriminals
Mark Clancy says an overwhelming asymmetry in the cost of mounting cyberattacks and defending against them leaves an important sector of the Hong Kong economy at serious risk
As a key pillar of Hong Kong’s economy, the stability of our financial services industry is rightly taken very seriously. It is estimated that the industry directly contributes more than HK$300 billion or 16 per cent in value to Hong Kong’s GDP.
Yet, there is a growing threat that continues to place the operations of the financial services sector at risk, not only in Hong Kong but globally. This threat – cybercrime – is showing no signs of abating as cybercriminals continue to gain the upper hand due to the relatively low cost of launching cyberattacks and the high cost of defending against them.
The cost of these attacks is clear – the Asia-Pacific cybersecurity market is expected to grow to almost US$33 billion by 2019, with an expected compound annual growth rate of 14.1 per cent between 2013 and 2019, according to figures from MicroMarketMonitor.
There are numerous drivers behind cyberattacks on financial institutions. The motivation usually falls into four buckets – financial gain through theft of money or information; politically motivated attacks by “hacktivists”; cyberespionage to steal secrets for economic or other advantage; and, destructive attacks that strike at the core of a business, such as the unprecedented 2014 attack on the Japanese electronics giant Sony.
Research repeatedly highlights the increasing risks posed by the actions of cybercriminals. The Depository Trust and Clearing Corporation’s (DTCC) latest systemic risk barometer shows that cyber risk remains the No 1 concern globally for the financial services industry, with 70 per cent of 400 respondents citing it as a top-five risk. A common theme was concern over the frequency and ability to manage attacks.
One approach to combating this insidious crime is leveraging a community defence model – the coordinated sharing of cyberthreat information among financial institutions in an effort to identify and block attacks. Increasingly, this model of automating threat intelligence is gaining support from the financial services community and beyond.
Asian regulators have adopted a practical approach to the issue. The Hong Kong Monetary Authority is working with the banking industry on establishing a framework and mechanism for the sharing of information on cyberthreats. Encouragingly, regulators in the region have resisted static rules and regulations which can quickly become outdated given the fast-paced evolution of cyberthreats.
READ MORE: Cyberattack could catch Asian banks off-guard
Clearly, we will never be able to rid the world of cyberattacks. However, if Asia’s financial services industry is able to band together to share real-time information on cyberthreats, we will reduce the capabilities of less-sophisticated attackers and force more advanced hackers to work harder. Doing so will also bring down the cost of defending against these attacks, shifting the numbers in our favour.
Mark Clancy is the CEO of Soltra, a DTCC joint venture with the Financial Services Information Sharing and Analysis Centre