A joint committee for the EU has released a report on Risks and Vulnerabilities in the EU Financial System, in which cybersecurity, including the rising use of blockchain technology, is marked as a major concern for the financial sector.
One of the problems facing financial institutions is the increase in the adoption of mobile technology and the common expectation for always-on, 24-7 service availability. This creates an increasing dependence in the financial sector on IT and telecom solutions, which then cause concerns regarding connectivity and outsourcing. According to a 2016 study, 21% of EU enterprises use cloud computing, and over half of those use advanced cloud services for financial and accounting applications. The European banking authority (EBA) has committed to publishing a recommendation for financial institutions on outsourcing cloud services in 2017.
The joint committee also pointed out that financial technology, or FinTech, innovators have a potential to disrupt the system, which will significantly impact the business models of the financial sector. The EBA will complete policy work this year that will examine the impact to consumers and to regulatory bodies that may arise from FinTech innovators taking on regulated activities.
Bank spending on FinTech is expected to top $15 billion USD in 2017 in Europe alone, and reach over $50 billion USD globally.
The report notes that the dependence of Financial Market Infrastructures (FMIs) on FinTech puts companies at long-term risk of cyber threats. Specifically, the growing use of distributed ledger technology will put institutions at risk.
Operational technology risks are on the rise across the financial sector, although the level and type of risk may differ across countries, sub-sectors and intermediaries. Because of this, the demand for cyber insurance is expected to rise. However, as products are new with little historical data, underwriting cyber insurance policies is difficult to establish. Currently, the most relevant instances to be covered by cyber insurance are DDoS, data theft, malware, and misinformation.
While further study is required before the EU submits new regulation regarding the financial sector and FinTech adoption, the European Securities and Markets Authority (ESMA) has undertaken a study of cyber risk and controls of financial institutions throughout the EU. These results will be analyzed in light of existing regulations and used in making future recommendations.