National Approach to Cyber Intrusion: A Comparison of United Kingdom & Canada

  • Alston Perianayagam, Special Advisor, Global Risk Institute
  • Richard Nesbitt, CEO, Global Risk Institute
  • Mark Caplan, President, Global Risk Institute

OVERVIEW:

The Global Risk Institute in Financial Services annually surveys the Chief Risk Officers of its members to assess the risks which they view as having the most serious impact on their organizations should they occur. For both 2017 and 2018 the top risk identified is cyber risk. Vulnerability to cyber crime is serious and it is rising, as are the threats of cyber attacks:

  • New technologies, including new uses for data, are being increasingly adopted.
  • The functioning of critical infrastructure is increasingly dependent on networked technology. (Power plants, communication systems, transportation services, hospitals, payment systems, etc.)
  • Financial systems and networks are interconnected on an increasingly global basis.
  • Cyber intrusions are happening more frequently, with increasing levels of damage.
  • Cyber criminals are becoming more and more sophisticated.
  • Cyber criminals target:
    • Individuals – for access to personal information and financial assets.
    • Companies – for trade secrets/R&D, confidential corporate and client information.
    • Governments – for national defense secrets and citizen information.
    • Academic Institutions – for leading-edge research.
  • Foreign powers with significant financial resources are using cyber intrusion techniques to steal information, influence outcomes of elections and build foreign currency reserves.
  • Advances in technology, specifically quantum computing, could render obsolete much of the cryptography that protects current commercial (including financial) platforms.

In a recent interview, the head of the UK’s National Cyber Security Centre warned that it was just a matter of when, not if, additional attacks would occur in the country, and that some attacks will get through, at which point the objective becomes cauterizing the damage.

There are 100 countries that can deliver APTs (advanced persistent threats) and live on your network and do anything they wish.

Combating this increasing risk requires a coherent strategy, clear structure and practiced response that provides effective coordination at the institutional, industrial, national and international levels.

This paper explores the national-level landscapes within Canada and the United Kingdom as they relate to financial services. While national priorities, timing, and approach will always vary to some extent, we believe it to be a fair comparison given that the UK and Canada are described as the third and fourth largest cybersecurity innovation hubs in the world. [1]

While there are similarities in the approaches, there are also differences. It is our belief that cyber risk management response strategies are most effective with significant cooperation across industry groups, governments, regulators and academia. We examine the developments over the past several years which led to the current national approaches. It is our hope that through a better understanding of differing national approaches we can advance the learning and discussion of the optimal way to protect citizens, corporations, vital infrastructure, and economies.

Footnotes

[1] Deloitte, “Harnessing the cybersecurity opportunity for growth”, October 2016