The rise of the regulator: new rules, new requirements, new headaches

SECURING FINANCIAL SERVICES

25th January, 2024 • London, UK


 

In Europe, the UK, the US and Asia, regulators are finally taking cybersecurity seriously

It seems a little odd, given how much regulation there is around market abuse, consumer duty and financial crime, that there has been so little regulatory focus on cybersecurity. Yes, data privacy and resilience have come under the spotlight, but given the huge surge in attacks and the increased risks posed by geopolitical developments, it is surprising regulators have taken so long to revise and add to their rulebooks around cyber.

 

But they are. In Europe, NIS2 imposes significant new burdens on organisations, and UK-based organisations with EU operations will have no choice but to adhere to them.

 

In the US, the SEC has just adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to make comparable disclosures.

 

“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler.

 

That statement explicitly links cybersecurity to enterprise value and makes it a matter of legitimate concern to investors. This is another story that links security to governance but also starts to assign real value to good security.

 

And in Australia (and elsewhere in Asia) regulators are also planning their next moves. In July, a consultation opened on options for regulatory reforms and voluntary incentives to strengthen the cyber security of Australia's digital economy.

 

While the regulators continue to develop stricter frameworks around cybersecurity, the hackers have worked out that banks themselves are often very well defended. So instead of attacking directly, it’s easier to go in via third parties or take out key market infrastructure in the same way.

 

This year’s attack on Ion Cleared Derivatives, a third-party service provider of cleared derivatives order management, order execution, trading, and trade processing, caused significant disruption and was a taste of how future hacks may look.

 

And there’s a link to regulation there too: the CFTC noted that the attack compromised firms’ ability to provide regulators with timely and accurate data. So, regulators are beginning to understand that poor security affects their ability to regulate. They will certainly respond.

 

Securing Financial Services will look at cybersecurity at a time of underlying stress in the banking system. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands.

  • The rise and rise of effective cybersecurity regulation

    • Data privacy is only a small part of the picture.
    • Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow.
    • They are looking at disclosure and fining the miscreants. How to comply with new regimes?
  • Mapping resources and controls to material business risks

    • How can CISOs understand which threats represent real business risks?
    • It’s easy to say ‘talk to the business’ – but how does that conversation work?
    • If it does, then CISOs can create a framework for prioritizing security, resilience, incident response and BCP spend.
    • So, what does this look like in practice?
  • Developing the next generation of security leaders

    • If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
    • CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
    • What does a next-gen CISO look like and are you one of them?
  • From cybercrime to cyberwar

    • Blurred lines between cyber-spies, cybercriminals and cyber-armies have transformed the (in)security landscape
    • Nation-state exploits are now widely available
    • How can the various elements of government work better with private sector solution providers and end users to build security that can cope with not-quite-nation-state attackers?
  • Reining in BigTech

    • Resilience and security increasingly come down to key dependencies outside the organization.
    • With on-prem tech the past and Cloud and external IT the future, how do public and private sector organisations ensure security when they rely on vendors who are vulnerable but over whom even their biggest clients have no leverage?
    • Time for governments to step in?
  • Securing digital currencies and DLT

    • The move towards non-cash payment methods during the crisis has been extreme, and looks irreversible.
    • Many more governments are now looking at developing their own digital currencies.
    • How do we go about securing a world in which most - perhaps all - payments are digital?
    • And what about the blockchain?
  • Managing insider threats at a time of crisis

    • When economies are under stress, employees too can find themselves in financial difficulty. When geopolitical tensions rise, people can take sides.
    • Insider threats of various kinds become far more prevalent and dangerous at times like these.
    • How have security and other MIS tools matured to make detecting malicious insiders easier and more accurate?
  • From Cloud security to Cloud incident response

    • Recent Cloud outages have disrupted low-level infrastructure
    • They have also disabled cybersecurity solutions and sometimes shut down corporate access to critical network assets
    • As well as managing Cloud security, CISOs need good Cloud incident response. How are they going about it?
  • Cloud native next

    • Applications have become increasingly complex, with users demanding more and more.
    • They expect rapid responsiveness, innovative features, and zero downtime.
    • Performance problems are no longer acceptable - users will easily move to your competitor.
    • Should you go Cloud Native? What does this mean for security in practice?
  • Embracing risk management

    • Until cybersecurity is truly seen as risk management and not a whack-a-mole IT problem, the hackers will continue to evade outmoded control frameworks
    • Part of this is down to CISOs, part of it to Boards and part of it to solution providers
    • The banks have done it. When will the rest of business catch up?
  • Solutions for CISO burnout

    • The number of security professionals on LinkedIn who’ve left without another job to go to is astonishing given the shortage of cyber-talent.
    • Are CISOs being fired for breaches?
    • Are they quitting companies who’ve lied about their commitment to security?
    • How can firms solve this problem?

     

  • Securing the technologies of the future

    • Quantum computers, web3, multiple types of distributed ledger technology, augmented and virtual reality, the Metaverse, AI-driven applications and even organisations, automation as a service
    • These technologies are happening now and they all have security implications
    • Who is thinking about how to secure future tech?

Who Attends

Job titles

Cyber Threat Intelligence Relationships Manager
Security Architect
Cyber Analyst
Software engineer
Senior Information Security Analyst
Third Party Risk Lead
Project Manager
Infrastructure Project Principal
Head of Security Risk & Compliance
Chief Technology Officer
Chief Information Security Officer
Financial crime Executive
PCI DSS Support Function Manager
Cyber Analyst – Resilience
Lead Operational Risk Framework Manager
Lead Security Engineer
Business Security Consultant
CSO Risk & Controls
Lead Devops Analyst
CISO
IT Director
Senior Cyber Specialist
Cyber Security Engineer
Chief Risk Officer
Cyber Security Manager
Senior Internal Audit Manager
Technology & Cyber Risk Manager
Associate Director- EIOD IT Information Security Officer
Fraud Analyst
Information Security Officer
Senior Systems Engineer
IT Support Analyst
CIO and CISO
Head of Risk
Director - Technology and Cyber Risk
Vice-President Technology - Operational Resilience and 3rd Party Risk Oversight
Chief Technology Risk Manager, Head of Information Security & Data Privacy
Vice President, Technology and Cyber Risk Oversight
Head of Tech Ops & Cyber
Senior Information Security Officer
Executive Director, Europe
CTO
Secure Development Manager
Head of Audit
Head of Information Security
Principal Cyber Threat Intelligence Analyst
Head of IT Risk Governance
Manager - IT
Head of Infrastructure
Global Head Cyber Incident Response
Head of IT Security
Senior Cyber Security Engineer
Senior Information Security Governance, Risk & Compliance Analyst
Cyber Threat Intelligence Manager; Tactical & Operational
VP - Cyber Fraud Fusion Centre
Senior Investigator
Global Resilience Risk Specialist, Cloud Senior Manager
Senior Advisor Information Technology
Information Security Manager
Director of Business Information Security
Director of Technology
Director Business Information Security (BISO)
Chief Administration Office - Data Protection & Information security
Cyber Risk Consultant
Security Assurance Team Leader
Director - Fraud Investigations
Head of IT
Information Security and Data Protection Officer
DPO
Chief Information Security Officer
Security Engineer Architect
IT Security Analyst
Head of R&D and Engineering Cyber Fraud Fusion Centre
Enterprise Solution Architect
Head of Technology and Cyber Resilience Risk Oversight
InfoSec Analyst
Information Security Manager
Head of Digital CyberSecurity
Investment Adviser, UK and Ireland
Trade Advisor
CISO
Cyber Security Manager
Senior DevOps Manager
Head of IT & IS
IT Infrastructure & Security Manager
Director, Security Controls Services
VP, Cyber Investigations
Group Head of Information Security and Cyber Risk
Program Manager - Customer Identity and Access Management
Head of Internal Audit
Product security Lead VP
Head of Cyber Intelligence
Information Security Communications & Education Manager
Information Security
Vulnerability Lead Analyst
Security Architect
Technical Architect Cloud Security
Third Party Risk Consultant
Information Security Specialist
Privacy Officer
Head of Cyber Risk Intelligence, Insider Technology Risk and Digital Asset Risk
Cyber Manager
IT Security Analyst Specialist
Senior Manager - Digital Transformation
Vice President - IT Operations
International CIO
Lead - Ops/Tech Risk CA
Associate Director - Infrastructure Risk Management
Information Security Principal
Security Architect
Cyber Security & Operational Resilience Manager
Chief Risk Officer
Vice President, EMEA & UK/I for Cyber Hygiene
Information Technology Audit Manager
Network Security Architect
GRC Manager
Cybersecurity Compliance Manager
Director - Information Security Operations and Threat Intelligence
Senior Special Agent - Global Security
Cyber Security Risk Associate
Executive Director, Cybersecurity & Technology Control Governance & Program Management
Chief Information Security Officer
Business Information Security - Chief Information Security Office
Security Architect
Senior Director, Global Security Operations
Consultant
Senior Security Specialist
Cloud Security & DevSecOps Consultant
IT Audit Manager
Head of IT
Security Analyst
Infosec Analyst
CISO - Corporate Functions
Manager – Strategy & Intelligence; Investigations, Insider Risk and Data Loss Protection
Information Security Officer
Vice President, EMEA Regulatory Engagement Team
IT Manager
Resilience Risk Senior Digital Manager

Organisations

MasterCard
Santander
Bank of England
Man Group Plc
US Bank
Financial Services Information Sharing and Analysis Center (FS-ISAC)
African Development Bank (AfDB)
European Bank for Reconstruction & Development (EBRD)
AXA XL
Allianz
LV=
CIMB
NatWest Group
Pay.UK
Metro Bank
Beacon Platform
Mizuho
Credit Suisse
LSEG (London Stock Exchange Group)
NorthStandard
Specialist Risk Group
British International Investment
Lloyds Banking Group
OakNorth
Alpha Group (Alpha FX)
Pepper Money UK
Allianz
Mizuho
NatWest Group
First Abu Dhabi Bank
Suffolk Building Society
AEGIS London
Bibby Financial Services
Atomos
OakNorth
MUFG - Mitsubishi UFJ Financial Group
Natixis
MUFG - Mitsubishi UFJ Financial Group
Triple Point
Weatherbys Bank
Financial Services Information Sharing and Analysis Center (FS-ISAC)
Oxbury Bank Plc
HSBC
NatWest Group
Salary Finance
LSEG (London Stock Exchange Group)
Bupa Global
StreamBank
UnityLink Financial Services Limited
S&P Global
Kroo Bank
Bank of England
Legal & General
Fidelity International
Barclays
M&G plc
HSBC
Redwood Bank
AXA
LSEG (London Stock Exchange Group)
Financial Wellness Group
LCH
Commerzbank
Zurich Insurance Group
MarkerStudy
American Express
Europe Arab Bank
Allica Bank
Metro Bank
Beazley
Standard Bank Group
Financial Services Compensation Scheme (FSCS)
Barclays
Embark Group
abrdn
Legal & General
Legal & General
Lloyds Banking Group
Business France
Business France
Orbital
Royal London
LSEG (London Stock Exchange Group)
Suffolk Building Society
Alpha Bank
LSEG (London Stock Exchange Group)
Barclays
Bank of Ireland
UBS Group
Pepper Money UK
JPMorgan Chase & Co.
Envelop Risk Analytics Ltd
Allianz Holdings Plc
Natixis
MasterCard
Santander
Munich Re
Provident Financial Group
Vanquis Bank
Raymond James Financial
BNP Paribas Group
Pay.UK
FIS Global
Santander
Intellect Design Arena Ltd
Jefferies
Credit Suisse
Royal Bank of Canada (RBC)
European Bank for Reconstruction & Development (EBRD)
LSEG (London Stock Exchange Group)
NorthStandard
Credit Suisse
Deutsche Bank Group
MUFG - Mitsubishi UFJ Financial Group
Deutsche Bank Group
Moneycorp
HSBC
MasterCard
American Express
Mizuho
JPMorgan Chase & Co.
Allica Bank
Deutsche Bank Group
Insight Investment Management
Planet
Multigate
Mizuho
FIS Global
M&G plc
Union Bank UK
StoneX Group Inc.
Verto Fx
Credit Suisse
Lloyds Banking Group
Landesbank Baden-Württemberg
JPMorgan Chase & Co.
DorisIT
HSBC

Company headcount

5000-9999
100-499
3000-4999
10,000+
10,000+
10,000+
100-499
100-499
10,000+
100-499
10,000+
10,000+
100-499
10,000+
5000-9999
3000-4999
3000-4999
10,000+
10,000+
10,000+
10,000+
100-499
1000-1999
100-499
10,000+
500-999
2000-2999
1000-1999
1000-1999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
1-99
500-999
1-99
3000-4999
3000-4999
100-499
5000-9999
100-499
100-499
100-499
100-499
5000-9999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
500-999
1000-1999
3000-4999
10,000+
10,000+
10,000+
100-499
1000-1999
5000-9999
5000-9999
5000-9999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
5000-9999
5000-9999
5000-9999
2000-2999
1000-1999
10,000+
10,000+
10,000+
3000-4999
3000-4999
10,000+
10,000+
10,000+
10,000+
500-999
10,000+
10,000+
10,000+
1-99
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
100-499
100-499
500-999
500-999
100-499
1-99
100-499
100-499
100-499
100-499
2000-2999
2000-2999
5000-9999
1-99
10,000+
2000-2999
10,000+
100-499
10,000+
10,000+
10,000+
500-999
10,000+
3000-4999
100-499
100-499
100-499
100-499
10,000+
1-99
100-499
10,000+
1000-1999
1-99
100-499
10,000+


Venue

Park Plaza Victoria, London


Location:
Park Plaza Victoria
239 Vauxhall Bridge Road, London, UK, SW1V 1EQ
Telephone: 0333 400 6140
