Cybersecurity

How well do you know the risks associated with a cyberattack on your financial enterprise? How susceptible is your organisation really to cybercrime? What’s the risk awareness like at executive level? Although cybersecurity may not be core business for financial enterprises, it is one of today’s main priorities for them. 

Information security at all levels 

Increasing cybercrime is forcing organisations in the financial sector to try and outsmart those with malicious intent. This isn’t just about IT security, but also about the protection of business processes and information flows at all levels. Protecting the physical environment is a key element as well; this ranges from access to buildings and secure spaces to employee conduct. How do organisations in the financial sector deal with customer-sensitive information? 

Risk awareness

Our specialists can show you how your organisation is doing in the realm of cybersecurity, so that information security is no longer a blind spot for you. We help you identify weaknesses in your processes and tell you where you need to improve to be able to withstand a cyberattack. Do your employees know what to look for? One question you need to ask yourself is this: is the fact that you haven’t suffered a cyberattack so far just a matter of luck or are your processes really that well organised? 

Key aspects of information security 

There are three aspects that are key for the cybersecurity of financial enterprises. The first is the reliability of information flows (and transactions); the right amount must be in the right place at the right time. Secondly, financial enterprises need to make sure that they protect financial and privacy-sensitive information and treat this information confidentially. The third aspect is information availability, especially when timing is crucial, for instance if you offer a tool for managing and trading shares.

Hot issues: privacy rules and cyberattacks

On 1 January 2016, as part of the Dutch Personal Data Protection Act, organisations in the financial sector became subject to the obligation to report any data breaches to the Dutch Data Protection Authority within 72 hours. Organisations that don’t duly notify the Authority will only be able to avoid a hefty fine if their data protection procedures and processes are well-organised and their employees are aware of their reporting obligation. But there’s more.

Tighter privacy rules

On 25 May 2018, the obligation to report data breaches was tightened further by the European General Data Protection Regulation (GDPR), which governs any organisation (wherever in the world they are based) that has access to privacy-sensitive information on European residents. The GDPR is even more far-reaching than the reporting obligation. Since 25 May 2018, organisations have been required to provide access to the personal data of a citizen, customer, employee or former employee, or even to remove this data from their systems, within a few weeks of that person having made a request to that effect. And that’s a gargantuan task for many organisations.

Sharing information about cyberattacks and threats

In this day and age, every sector should arm itself against cybercrime, but financial enterprises are particularly vulnerable to attacks. That’s why, in May 2018, a Dutch law came into effect that, based on European regulations, forces financial enterprises to share information on cyberattacks and threats. Dutch businesses are expected to report any such attacks and threats to the Dutch Ministry of Security and Justice, which has added to the workload for them.

What BDO can do for you 

BDO has an excellent grasp of the law and knows about the latest attack techniques. We can help you improve and maintain your procedures in every stage of the process. You can even have us perform a stress test of your IT systems. BDO’s cybersecurity services are three-pronged:

  1. Scan: we perform a risk assessment of your cybersecurity procedures. What role does cybersecurity play in your organisation? How great is the risk? What actions have you taken and what more can you do? These are just some of the questions we’ll answer for you.
  2. Improve: the scan has revealed certain areas for improvement. We can help you implement the required changes. This may involve IT solutions, new business processes or a conduct awareness campaign.
  3. Maintain: your cybersecurity procedures are adequate, you’re happy with them. But how to keep it that way? IT solutions come fast and furious; there are new business developments, rules are changing and hackers are becoming smarter all the time. To keep your information security up to par, BDO would be happy to offer you the services of an interim Security/Data Protection Officer.

Want to find out more about how BDO can help your organisation? Please feel free to contact one of our specialists for an informal chat with no strings attached.