Brought to you by:

Co-operation central to building cyber resilience

Australia’s financial services regulators and their Asia-Pacific counterparts must work more closely together to deal effectively with cyber attacks, according to Deloitte.

Financial institutions must do likewise, the global consultant’s Cyber Regulation in Asia-Pacific report says.

“The regulatory trend in many parts of Asia-Pacific and among supranational regulators is to cyber resilience,” the report says.

“Strategies that enhance measures in securing perimeters and staying vigilant for emerging threats, which also ensure insights flow through to a resilient cyber ecosystem and that have senior support and oversight, will be the cyber-risk strategies that best position financial institutions to stay ahead of regulatory expectations.

“Beyond this, industry and regulators should work together to further the development
of cyber skills and expertise, to foster common standards and approaches, to support information sharing (across borders, between institutions and between regulators and regulated) and to facilitate co-ordinated responses to incidents and attacks.”

Cyber attacks are becoming more frequent and sophisticated, and cyber crimes cost $US575 billion ($730 billion) a year, the report says.

Cyber-security regulation in the region remains fractured and localised, and institutions struggle to understand regulatory idiosyncrasies at “country level”.

“The lack of a harmonised and co-operative regulatory environment in part reflects the political, economic and socio-cultural variety in the region, the significantly differing technological capabilities and the geopolitical concerns unique to each nation.

“Cyber-security threats are not confined within national borders. The financial system is extensively interconnected and there is increasing information and communications technology interdependence within Asia-Pacific.”

The report covers seven jurisdictions: Australia, China, Hong Kong, South Korea, Japan, Singapore and India.

It says mishandling of data in the outsourcing process is an emerging area of focus for Australian financial services regulators.