Introduction: The impending European cybersecurity law, set to take effect in early 2025, poses significant challenges for financial firms and their technology suppliers. While compliance requires substantial adjustments in risk management practices, it also presents opportunities to enhance security standards across the industry.
Key Compliance Requirements:
- The law mandates changes in security testing procedures and reporting protocols for cybersecurity incidents.
- Financial firms must address identified security weaknesses comprehensively and conduct advanced penetration tests every three years.
- Non-compliance could result in fines and directives to revamp security processes.
Impact on Technology Suppliers:
- Small and large technology suppliers alike face a paradigm shift in managing cyber risks, necessitating substantial adjustments to their business models.
- Enhanced security standards will level the playing field among technology suppliers, benefiting financial institutions.
Empowering Financial Institutions:
- The law aims to empower financial institutions in negotiating security enhancements with technology providers, addressing concerns over contractual bargaining power.
- Improved oversight is crucial, particularly concerning fourth-party suppliers, to mitigate potential risks to financial firms.
Challenges and Frictions:
- Collaboration between cyber and risk teams is essential for effective risk management, although overlapping responsibilities may lead to friction.
- Ambiguity persists regarding the specific role and title of the top executive responsible for cyber risk oversight.
Conclusion: While the European cybersecurity law presents significant compliance challenges, it offers an opportunity to bolster security standards across the financial industry. Collaboration between stakeholders and a proactive approach to risk management will be essential in navigating the evolving cybersecurity landscape.