The head of the Federal Financial Supervisory Authority (BaFin) said on Tuesday that financial institutions need to strengthen their cybersecurity procedures.
Speaking at a conference in Frankfurt, Felix Hufeld, the president of the German regulator, said that “IT security is a matter for the boss.”
At the same event, Hufeld also said that BaFin and Germany’s central bank – the Deutsche Bundesbank – were considering forcing banks to start running cybersecurity stress tests.
Some EU legislation already in force does require firms to follow certain practices around data handling and security.
Most notably, the General Data Protection Regulation (GDPR), which anyone who has set foot in an office over the past two years will be aware of, became enforceable earlier this year.
GDPR – not enough for BaFin
The hope and joy of workers all across the globe, GDPR requires firms to notify the supervisory authority of personal data breaches affecting EU residents within 72 hours of becoming aware of them, unless the breach is unlikely to pose a risk to the individuals concerned. It also requires that consent to data processing be freely given and as easy to withdraw as it was to give, which in practice makes it simpler for site users to opt out of sharing their data.
Penalties for breaching the regulation are also harsh. Firms that slip up can be fined up to €20 million ($22.79 million) or 4 percent of their annual global turnover – whichever is higher.
Though GDPR has been the talk of every board meeting for the past couple of years, it is not exactly cybersecurity regulation.
In fact, its precepts are much more geared towards – as its name suggests – protecting personal data. True, there are fines for failing to report breaches, and Article 32 does oblige firms to take “appropriate technical and organisational measures” to secure the data they process, but it prescribes no specific controls and leaves it to each firm to decide what “appropriate” means. It says nothing about testing whether those measures actually hold up under attack.
To those working in liquidity or banking book risk, Hufeld’s suggested stress tests will be familiar.
Regulators’ endless demands around liquidity, whether it be meeting the liquidity coverage ratio (LCR), which is calibrated against a prescribed 30-day stress scenario, or the net stable funding ratio (NSFR), give some idea of what a cybersecurity stress test may look like: a supervisor-defined adverse scenario, and a requirement that the bank demonstrate it can withstand it.
Will the cyborgs in Brussels and Berlin start mandating them soon? Watch this space.