The head of the the (BaFin) said on Tuesday that financial institutions need to strengthen their cybersecurity procedures.
Speaking at a conference in Frankfurt, , the president of the German regulator, said that “IT security is a matter for the boss”.
At the same event, Hufeld also said that BaFin and Germany’s central bank – – were considering forcing banks to start running cybersecurity stress tests.
Currently, there is some legislation in action throughout the European Union that forces firms to adhere to certain practices.
Most notably, (GDPR), which anyone who has stepped foot in an office over the past two years will be aware of, went live earlier this year.
GDPR – not enough for BaFin
Breaches of the regulation are also harsh. Firms that slip up can be fined €20 million ($22.79 million) or 4 percent of their annual revenue – whichever is higher.
Though GDPR has been the talk of every board meeting for the past couple of years, it is not exactly cybersecurity regulation.
In fact, its precepts are much more geared towards – as its name suggests – protecting customer data. True, there are fines for not reporting data breaches but it doesn’t require firms to do anything to protect that data.
To those working in liquidity or banking book risk, Hufeld’s suggested stress tests will be familiar.
Regulators’ endless demands for liquidity stress tests, whether it be meeting the net stable funding ratio (NSFR) or liquidity coverage ratio (LCR), give some idea as to what a cybersecurity stress test may look like.
Will the cyborgs in Brussels and Berlin start mandating them soon? Watch this space.
Be First to Comment