World Economic Forum Announces Fintech Cyber Security ‘Consortium’

Dan Gunderman

It was announced last week that major players in the financial technology (fintech) space have come together to convene a cyber security consortium – poised to centralize best practices, encourage collaboration and shed light on the widening scope of security as a whole.

News of the consortium was made public on March 6 by the World Economic Forum. It will particularly focus on fintech and data aggregators. Founding members include global bank Citigroup, insurance company Zurich Insurance Group, fintech lender Kabbage, information technology company Hewlett Packard Enterprise (HPE) and financial infrastructure provider The Depository Trust & Clearing Corporation (DTCC). Incumbent members will put forth a framework for security assessment as it pertains to fintech, according to a release.

The World Economic Forum organized the group amid an intensifying threat landscape. Unsurprisingly, cyber-attacks have been identified as a key concern for the global financial system – hence the creation of the group to streamline control and mitigation efforts. The consortium’s proposed solutions have been published in whitepaper format.

In describing the solutions in the report, Stephen S. Poloz, Governor of the Bank of Canada, said, “Cyber risk is a large and rapidly expanding subject, of critical importance to the financial system. The way forward involves breaking cyber risk down into more granular components, and developing practical risk management practices and solutions at that granular level. This report offers a solid step in that direction.”

See Related: Tick, Tock: New SWIFT Security Regs Take Hold Jan. 1

Solutions were developed using a three-stage process to identify cyber-risks. According to the report, they’re based on extensive research, interviews with more than 30 subject matter experts and the project Steering Committee and Working Group meetings.

Participants outlined 19 solutions to amplify fintech security efforts. Two of them have been prioritized for further action by the World Economic Forum project team. Seventeen others have been strongly recommended for consideration.

Two highlights include cyber-risk measurement and cyber security assessment. With the “measurement,” participants proposed standardized methods for risk quantification to improve understanding and comparability of cyber metrics and to maximize return on investment (ROI). The “assessment” calls for enhanced cyber security guidance and mechanisms (common principles, a point-based scoring system and practical steps for improvement).

On the creation, Michael C. Bodson, President and Chief Executive Officer of DTCC, USA, and a founding member of the consortium, said, “Cyber-risk is the number-one threat to the financial services industry and its infrastructure, so it is critically important that we work together to share insights and drive best practice.”

Bodson said the consortium will help “further strengthen cyber-resilience and foster great collaboration with our colleagues across the public and private sectors.

See Related: IoT, DevSecOps & Your Perimeter: The 2018 Cyber Security Digital Summit

Ted Moynihan, Managing Partner, Financial Services, Oliver Wyman Group (MMC), United Kingdom, a knowledge partner for the World Economic Forum, said in a statement, “Financial services firms face specific challenges in managing cyber-risk – from technology and talent to regulations and effective collaboration – that cannot be fully addressed by a single institution.”

“Cyber breaches recorded by businesses have almost doubled since 2013 and the estimated cost of cyber-crime is $8 trillion over the next five years,” said Mario Greco, Chief Executive Officer of Zurich Insurance Group, Switzerland, a consortium member. “We expect the consortium to help adopt best cyber security practices and reduce the complexity of diverging cyber regulation around the world.”

In the release, published in early March, consortium work was said to be commencing immediately, in close connection with the World Economic Forum’s Global Centre for Cyber Security in Geneva, Switzerland. Its agenda is described as a similar undertaking to the U.S. Chamber of Commerce’s domestic study from 2017.

Be Sure To Check Out: Privacy Debate Rages, Cyber Progress Made Through Diversity: Security Pros