The firm’s “Cyber Regulation in Asia Pacific” report found that financial institutions struggle to:
- understand regulatory idiosyncrasies at the country level
- be cognizant of emerging threats
- design cyber risk programs that are coherent and robust across jurisdictions
There has also been a shortage of cybersecurity professionals in the industry, which could mean that firms may have difficulty staying up to date with the pace of changing threats
“Cybersecurity threats are not confined within national borders. The financial system is extensively interconnected and there is increasing information and communications technology interdependence within APAC,” the report said.
Last year, hackers used malware to steal some $101m from the Bangladesh central bank’s account at the Federal Reserve Bank of New York. In a separate incident, malware was also used to steal about $US2.17m from eight banks in Taiwan.
Law firms have not been spared either. Last June, law giant DLA Piper
said its advanced-warning system detected suspicious activity on its network that appeared to be connected with the “Petya” global cyberattack. In 2015, an email hack led to the infamous “Panama Papers” leak of that exposed client information of Panamanian law firm Mossack Fonseca.
Businesses operating in countries that have more advanced IT infrastructure and a bigger digital economy face greater cyber risks, the report said. Australia, Japan, Korea, and Singapore were nine times more vulnerable to cyber-attacks than other Asian economies.
“The lack of a harmonised and cooperative regulatory environment in part reflects the political, economic and socio-cultural variety in the region, the significantly differing technological capabilities and the geopolitical concerns unique to each nation,” the report said.
Corrs launches rapid-response cyber-security team
Law firm cyber attacks hit record high warns regulator
Law firms and financial institutions operating in APAC can expect to face more challenges ahead as cyberattacks become more sophisticated and far-reaching. The region’s cybersecurity regulation remains “fractured and localized” with no significant moves towards harmonization, according to a recent report by Deloitte.