As with the Murray Inquiry’s Interim Report, the Final Report highlights cyber security and technology related fraud risks as an emerging trend for the financial services industry that presents many challenges.
At the forefront of the risks that arise is the rapid pace of technological change that is occurring within the financial system and how the system operates.
As a result, the emergence of new technology is placing demands on regulators to be more flexible, and raising issues relating to identity, privacy and cyber security. The Final Report highlights that Australia’s regulators need the funding and skills to meet these challenges into the future.
Specifically in relation to cyber security, the Report recommends an update to the 2009 whole-of-Government Cyber Security Strategy (CSS) to reflect changes in the threat environment, improve cohesion in policy implementation, and progress public–private sector and cross-industry collaboration.
It is recommended that such an update be in conjunction with the establishment of a formal framework for cyber security information sharing and response to cyber threats.
As noted in the Interim Report, due to the advances in technology and the sophistication of cyber-crime, even in the space of five years the CSS is now largely out of date and lags behind similar strategies adopted in the US, UK, Canada, New Zealand, France, Germany, Japan and Singapore.
While financial institutions obviously retain ultimate responsibility for maintaining the security of their own systems, an updated CSS will provide a framework that will allow institutions to collaborate with Government and co-ordinate their efforts.
Interestingly, the Inquiry did not go so far as to formally recommend a model that was under consideration at the time of the Interim Report – being the Financial Services Information Sharing and Analysis Center (FS-ISAC) in the US, which is a collaboration between financial institutions and government.
Even so, it is likely that updates to the CSS will include a greater push for public and private sector collaboration. A current push for US-style legislative reforms here, focussing on fraud risks in the private sector, will also need to cover risks arising from cyber-crime. This, coupled with updates to the CSS and the development of a formal mechanism for public–private sector collaboration, will further improve the resilience of the financial system.