Strengthening Cybersecurity Regulation in the Financial System
05:01 19/09/2024 - PesoMXN.com
The National Banking and Securities Commission (CNBV) aims to unify the regulations that require financial institutions and financial service companies to report cybersecurity incidents when they fall victim to a cyberattack. Recently, the regulator pointed out that there is no clear overview of all the attacks suffered by these institutions, as not all are required to report them, and many choose not to do so to protect their public image.
Luis Lima, who heads supervision and information security at the CNBV, told Expansión that it is crucial to standardize the regulations for all players in the financial system. “It is necessary to streamline the regulations and create obligations for all institutions. Additionally, it is important to refine the regulation to make it clearer, classifying by severity level, since not all incidents are of the same magnitude, thus raising awareness within the sectors,” he stated.
Lima also emphasized that banks, Sofipos, Sofomes, Socaps, brokerage firms, and other intermediaries currently have different cybersecurity regulations, which leads to imbalanced reporting. “Each sector has its own regulations, so changes are required in each one of them. It's a lengthy process, but the goal is to regulate not only the reports but cybersecurity comprehensively across all sectors,” he added.
So far in 2024, the CNBV has recorded 15 attacks on financial institutions, of which 5 were on systems, 3 were data leaks, 2 involved ATMs, and 2 were credential thefts. There are also two other incidents affecting third parties that collaborate with the institutions, in addition to an online data exposure. However, the Bank of Mexico (Banxico) reports only two cybersecurity incidents: one against a bank and another against a Sofipo.
As of September, the losses from these attacks total 140.49 million pesos, representing a 57.7% increase compared to the total damages caused throughout 2023. Economic losses from cyberattacks in 2022 were 25.25 million pesos, while in 2021 they reached 570.8 million pesos. Lima mentioned that while the current regulation for banks is “affordable,” there is still room for improvement.
The rising incidence of cyberattacks in the financial sector underscores the importance of more robust and clear regulation. Such regulation serves to protect not only institutions but also consumers and the overall stability of the financial system. It is crucial for companies to adopt advanced technologies and proactive security protocols to mitigate risks, and for regulators to keep pace with changes in the digital landscape.