NEW YORK CITY—As the world-at-large grows more aware of cyber security—which will be the topic of conversation at a conference here in December—new mandatory requiremnets from financial industry oversight organizations, as well as strongly worded advice, concerning preparedness and the means to address a breach are becoming more prevalent.
The rise in guidance, of course, would impact investment banks with commercial real estate divisions, and will likely trickle down to other types of companies. And while some companies leave the matter of cyber security in the hands of information technology departments, this increased crack down has led some executives to question that strategy.
“More and more, with company directors facing liability, there's an awareness that trusting what the IT department is saying isn't sufficient and it's not going to hold up with regulators,” says cyber security expert Winston Krone, managing director of Kivu Consulting. “We're getting more calls from general counsels who want a better investigation.”
Those corporate lawyers have reason to be paranoid, he notes. Earlier this year, the NYS Dept. of Financial Services issued a letter to CEOs, CIOs and general counsel officers stating that the organization “has expanded its information technology examination procedures to focus more attention on cyber security.”
The letter goes on to demand of each organization a 16-part detailed report that, in part, outlines specific systems in place to safeguard information, describes an entity's 'incident report program' and even includes the job description or resume of the CIO or person overseeing cyber security.
Rules such as these likely will spread to more states, asserts Krone. “Other states will simply copy what New York is doing. Regulation only will increase, it's not going to go down.”
Other oversight organizations, including the Financial Industry Regulatory Authority and the Securities and Exchange Commission, have been conducting surveys and—in reports issued throughout the year—are urging members to take numerous proactive steps to guard cyber security.
Meanwhile, in its annual survey of mid-market companies, Deloitte notes a hefty rise in both the cost of a cyber security breach and some concerning new cyber attack trends.
“The average cost of a data breach increased by 23% between 2013 and 2015, with an average price tag of nearly $3.8 million per breach,” the report says, citing data from Ponemon Institute. Further, Deloitte & Touche partner Adnan Amjad, who leads Deloitte's cyber threat management practice, says in the report, “An issue of particular concern for mid-sized companies is enacting training to spot the types of attempts to get information.”
Hackers are becoming increasingly sophisticated with a number of techniques, he adds, “including personal details about employees that convince even the most skeptical employees within organizations to divulge proprietary information or even write a check.”
Also of note, according to the research, is an increased risk faced by firms that allow employees to access and send information remotely. “It's relatively easy to exploit and harder to cope with from an IT perspective,” Amjad reveals. “Organizations are well-served if they have the ability to remotely delete files on devices that are lost or otherwise exit the company.”
Want to continue reading?
Become a Free ALM Digital Reader.
Once you are an ALM Digital Member, you’ll receive:
- Breaking commercial real estate news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
*May exclude premium content© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Rayna Katz
Rayna Katz is a seasoned business journalist whose extensive experience includes coverage of the lodging sector, travel and the culinary space. She was most recently content director for a business-to-business publisher, overseeing four publications. While at Meeting News, a travel trade publication, she received a Best Reporting award for a story on meeting cancellations in New Orleans during Hurricane Katrina.
