04 Jul ECA Roundtable: Building the Right Cybersecurity Framework in the Financial Sector
The European Cloud Alliance hosted a roundtable discussion on 19 June on “Building the Right Cybersecurity Framework in the Financial Sector.” Public and private sector participants discussed recent technology and policy developments focused on cybersecurity in the cloud, in the financial services sector context. Lisa Rabbe, Founder and CEO of Stratosphere Advisors LLC and Advisor on financial services to the ECA moderated the debate. Panellists were Slavka Eley, Head of Unit, Banking Markets, Products and Innovation at the European Banking Authority, Peter Kerstens, co-chair of FinTech Task Force at the European Commission, Sylvain Bouyon, Coordinator of CEPS Taskforce on Cybersecurity in Finance at the Centre for European Policy Studies, Jesús Lozano, Senior Economist in the Digital Regulation Department of BBVA and Mark Smitham, Senior Manager for EMEA Cybersecurity Policy at Microsoft.
Slavka Eley gave an overview of key elements of the European Banking Authority’s cloud outsourcing guidelines relevant to cybersecurity including materiality assessment guidelines, access and audit rights. She highlighted three priorities for cybersecurity: 1. Improving governance and risk management; 2. Improving people risks; and 3. Resilience testing. She noted that the EBA has just updated outsourcing guidelines and will publish those for consultation soon. Peter Kerstens of DG FISMA provided insights into the cybersecurity related aspects of the EU FinTech Action Plan, notably on information sharing, ICT security requirements and supervisory convergence on them, and penetration testing. He noted that to assess a given institution’s cybersecurity, it is necessary to do so across three areas: 1. Confidentiality; 2. Integrity; and 3. Availability of assets and data.
Microsoft’s Senior Manager for EMEA Cybersecurity Policy Mark Smitham discussed cloud and cybersecurity technology developments including Intelligent Edge computing, Intelligent Cloud and Azure Sphere and how these contribute to security. Microsoft’s White Paper on cloud outsourcing for financial services, written in response to the European Banking Authority’s cloud outsourcing guidelines, was also mentioned. BBVA’s Digital Regulation Senior Economist Jesus Lozano provided perspectives on cloud vs IT mainframe in the security and information sharing context. Sylvain Bouyon discussed the recently published “Cybersecurity in Finance” paper by the Centre for European Policy Studies (CEPS) Task Force, highlighting challenges such as common statistics, information sharing, cyber ratings, cyber resilience and how to mitigate the effects of a significant cyber attack. The audience participants contributed perspectives on these topics plus the challenges of multi-jurisdictional cybersecurity information requests.
The European Cloud Alliance welcomes the European Commission and EBA initiatives on cybersecurity and cloud, and is pleased to have facilitated an industry policy exchange on these important topics.