Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

World Economic Forum Announces New Fintech Cybersecurity Consortium

Following the announcement of a new Global Centre for Cybersecurity, the World Economic Forum (WEF) has today launched a new fintech-focused initiative: WEF’s Fintech Cybersecurity Consortium. Its aim is to create a framework for the assessment of cybersecurity in financial technology firms and data aggregators.

Following the announcement of a new Global Centre for Cybersecurity, the World Economic Forum (WEF) has today launched a new fintech-focused initiative: WEF’s Fintech Cybersecurity Consortium. Its aim is to create a framework for the assessment of cybersecurity in financial technology firms and data aggregators.

The founding members of the new consortium include global bank Citigroup, insurance company Zurich Insurance Group, fintech lender Kabbage and financial infrastructure provider DTCC. Their intention is to develop common principles for cybersecurity assessments, guidance for implementation, a point-based scoring framework, and guidance on improving an organization’s score.

“Cyber breaches recorded by businesses have almost doubled since 2013 and the estimated cost of cybercrime is $8 trillion over the next five years,” said Mario Greco, Chief Executive Officer of Zurich Insurance Group, Switzerland, a participant in the consortium. “We expect the consortium to help adopt best cybersecurity practices and reduce the complexity of diverging cyber regulation around the world.”

The $8 trillion figure comes from a May 2017 report from Juniper Research. More recently, McAfee reported that the cost of global cybercrime is $600 billion

The new consortium will commence immediately, working closely with WEF’s Global Centre for Cybersecurity being established in Geneva. It expects to draw upon a similar, domestic-focused project undertaken in 2017 by the US Chamber of Commerce on Critical Infrastructure Protection, Information Sharing and Cybersecurity. A detailed description is found in a separate whitepaper, Innovation-Driven Cyber-Risk to Customer Data in Financial Services (PDF).This paper makes it clear that the work will draw upon existing frameworks, with particular reference to NIST.

WEF spokesperson Georg Schmitt told SecurityWeek that the consortium is “doing this to step in where regulators might not (yet).” The paper makes it clear that recent cyber developments are considered to be a major threat to the financial sector. Two of these are the evolution of open banking driven by European finance legislation such as PSD2 ; and the customer privacy regulations, led perhaps by GDPR. The former increases fintech’s attack surface, while rapid growth in the IoT and use of AI algorithms increases the amount of PII collected and stored.

“It’s a smart move to highlight data aggregators as a point of cyber vulnerability,” David Shrier, CEO of Distilled Analytics told SecurityWeek. “You have only to look at the Equifax hack to understand why this is important. And classically they are not considered fintechs, so it’s worthwhile to call them out separately.

“Unknowingly,” he adds, “in our race to adopt new technology over the past 20 years, we have ceded a massive amount of personal information to these third parties (data aggregator and fintech alike), and it has created gigantic cyber vulnerabilities.”

Advertisement. Scroll to continue reading.

Kabbage CEO Rob Frohwein explained: “Kabbage is joining the World Economic Forum consortium because cybersecurity is a never-ending, age-long issue that requires a long-lasting solution for tomorrow and not a Band-Aid for today. We need a living global standard that allows financial services companies to compete and work with incumbent institutions across borders and industries.”

The Fintech Cybersecurity Consortium will develop a cybersecurity assessment framework for fintechs and data aggregators. This will, in theory, enable new firms to interconnect with fintech and aggregator firms with greater confidence. 

Some firms will likely balk at yet another fintech framework-come-regulation, particularly since it will evolve from existing frameworks. “Unfortunately, this really doesn’t change the game in any way (that I can tell),” comments Nathan Wenzler, chief security strategist at AsTech. “It is likely to get a, ‘it’s yet another regulation for us financial companies’ kind of reaction. Yes, some financial firms might be interested. If this was any other industry besides finance, it might be something more significant. As it stands, they’re pretty numb to all the regulatory requirements they deal with everywhere.”

Shrier is more optimistic. “We have seen the WEF tackle other areas with paradigm-shifting thought leadership, so, provided they get the right experts in their working group, this could be additive to improving cybersecurity. While this new effort is not guaranteed to succeed, our problem today is too many headlines about cyber breaches and not enough systems thinking about cyber solutions. The WEF group has a chance to raise serious cyberthinking in the C-suite and board room proactively, instead of reactively after an incursion.”

RelatedWorld Economic Forum Announces Global Centre for Cybersecurity

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...