The World Economic Forum on Tuesday announced the creation of a new consortium to strengthen cybersecurity for financial technology companies (fintechs) and data aggregators. The consortium’s founding members include global bank Citigroup, insurance company Zurich Insurance Group, fintech lender Kabbage, information technology company Hewlett Packard Enterprise (HPE), and financial infrastructure provider The Depository Trust & Clearing Corporation (DTCC). Its aim is to create a framework for the assessment of cybersecurity in financial technology.
“Cyber-risk is the number-one threat to the financial services industry and its infrastructure, so it is critically important that we work together to share insights and drive best practice,” said Michael C. Bodson, President and Chief Executive Officer of DTCC, USA, and a founding member of the consortium. “This initiative will further strengthen cyber-resilience and foster greater collaboration with our colleagues across the public and private sectors globally.”
The consortium came about after leading cybersecurity experts convened by the World Economic Forum identified the growing threat of cyber-attacks to financial services providers as a key concern for the global financial system. Their assessment and proposed solutions were published today in Innovation-Driven Cyber-Risk to Customer Data in Financial Services, a white paper.
“Cyber breaches recorded by businesses have almost doubled since 2013 and the estimated cost of cybercrime is $8 trillion over the next five years,” said Mario Greco, Chief Executive Officer of Zurich Insurance Group, Switzerland, a participant in the consortium. “We expect the consortium to help adopt best cybersecurity practices and reduce the complexity of diverging cyber regulation around the world.”
Incumbents are increasingly linking technology companies to their system infrastructure – either voluntarily or as a result of regulation such as the European Union’s Payment Services Directive 2 – making it crucial to have a reliable and objective cybersecurity framework in place. At the same time, the assessment will benefit new entrants.
“Fintechs can only deliver on their customer experience promises if the financial system is able to manage the risks adequately,” said Matthew Blake, Head of the Financial and Monetary System Initiative at the World Economic Forum. “This consortium will offer technology companies a clear goalpost and thus enable them to implement sound cybersecurity measures at the product design stage.”
Kabbage Chief Executive Officer Rob Frohwein added: “Kabbage is joining the World Economic Forum consortium because cybersecurity is a never-ending, age-long issue that requires a long-lasting solution for tomorrow and not a Band-Aid for today. We need a living global standard that allows financial services companies to compete and work with incumbent institutions across borders and industries.”
The consortium will commence work immediately in close consultation with the World Economic Forum’s new Global Centre for Cybersecurity in Geneva, Switzerland. It will develop common principles for cybersecurity assessments, guidance for implementation, a point-based scoring framework, and guidance on improving an organization’s score. It will draw upon a similar, domestic-focused project undertaken in 2017 by the US Chamber of Commerce on Critical Infrastructure Protection, Information Sharing and Cybersecurity.
“Financial services firms face specific challenges in managing cyber-risk – from technology and talent to regulations and effective collaboration – that cannot be fully addressed by a single institution,” said Ted Moynihan, Managing Partner, Financial Services, Oliver Wyman Group (MMC), United Kingdom, a knowledge partner for the World Economic Forum’s work on the global financial system.