• Financial Technology (FinTech) providers are key to the structural enhancement of financial services during the Great Reset.
  • Cybersecurity is critical to ensuring consumers and businesses can leverage the benefits of FinTech and bounce back from the crisis.
  • The World Economic Forum’s FinTech Cybersecurity Consortium released recommendations for a common approach to cybersecurity controls.

The COVID-19 pandemic highlights the need to reduce the world’s reliance on central points in the financial system – facilitating value creation everywhere and supporting trade from periphery to periphery, not just from hub to hub.

And key to this structural enhancement of the financial system are Financial Technology, or FinTech, providers.

FinTech innovations deliver tremendous economic and social benefits, connecting unbanked and underbanked populations to the digital economy, contributing to small business growth and empowering consumers in new and exciting ways.

—Sunil Seshadri, Chief Information Security Officer, Visa

Trust and security are essential.

To help the economy bounce back from the COVID-19 crisis, citizens and small businesses need innovative ways to access financial services. And if new FinTech services are to be adopted at the speed necessary for economic recovery, citizens must be able to trust that the technologies are secure and that their assets are protected.

Cybersecurity, then, is essential to ensuring that consumers and businesses can leverage the benefits of FinTech.

As our digital landscape expands along with our dependence on it, our expectations of cybersecurity need to be continuously considered and refined. Cybersecurity must never be an afterthought.

—Adam Sommer, Vice President, Industry Standards, Mastercard

The Challenge: Fragmentation

Cybersecurity is not a problem just for FinTechs. The FinTech revolution in financial services links organizations with varying degrees of cybersecurity maturity levels. The threat posed by cybercriminals and fraudsters creates shared risks across the financial system and must be managed collaboratively.

There are many approaches FinTechs can take to make themselves cybersecure. Yet it is not always clear which control frameworks best allow a FinTech to secure its assets, create trusted commercial partnerships with established firms and ensure compliance with relevant regulations in the jurisdictions in which it operates.

Established financial services providers have a number of frameworks, standards and industry-driven initiatives available to test the security of FinTechs and other third parties. However, the volume of industry initiatives – driven by the pace of technological change and the multiplication of regulations – is now creating “noise”. This makes it difficult for FinTechs to direct their resources in a way that allows for security while also facilitating commercial partnerships.

Requirements placed on FinTechs sow confusion, increase costs and may incentivise “security through obscurity”, in which less well-resourced firms play a game of chance, betting that they’re too small to be targeted by attackers and setting themselves up for problems in the future.

The Solution: Collaboration

The sector needs a mutually understood and widely accepted base level of cybersecurity controls. Clarity at the base level of security will support effective protection of business and client assets across the wider supply chain. This can accelerate the speed at which FinTechs can come to market and create commercial partnerships – and, in turn, incentivise good cyber hygiene and cybersecurity techniques among the least-resourced companies, improving cyber resilience systemwide.

Today, the World Economic Forum’s FinTech Cybersecurity Consortium released recommendations for a common approach to cybersecurity controls. This provides a pathway for the private sector and public agencies to build on existing control and assessment frameworks, such as the Center for Internet Security Critical Security Controls.

To support the implementation of these recommendations, the Forum has joined the Management Board of the Cyber Risk Institute, where it will provide input on the development and scaling of the Financial Services Cybersecurity Profile.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

Where to start?

Low-maturity FinTechs need a common cybersecurity framework and assessment process, tiered according to cybersecurity maturity levels and provide guidance for companies on when they need to adopt and enhance cybersecurity controls as they grow.

The solution should start with baseline requirements for controls and assessment, but also provide increasingly complex controls as organizations develop and as their cybersecurity risk management requirements mature.

The tiered approach to cybersecurity controls
The tiered approach to cybersecurity controls
Image: World Economic Forum

Controls require regular adaptation as technology, threats and business models change. They are granular, specific to the assets they are meant to protect, and may have a limited shelf life.

We recommend that these controls should be defined by financial services providers, where the expertise and funding can be deployed at speed, in consultation with cybersecurity experts from other sectors, governmental agencies and relevant civil-society organizations.

FinTechs have the potential to be the engines of innovation we need during the Great Reset. The findings of the World Economic Forum’s FinTech Cybersecurity Consortium provide a starting point on the path to a security management system to get them there.