“The main objective was and is to mitigate the consequences of the pandemic for companies in the financial market and for financial stability,” states the foreword of the brochure that has now been published, laying out BaFin’s supervisory priorities for 2021. As a result of the pandemic, IT and cyber risks have become an even greater focus of supervisory activity because the digital services offered by financial institutions are being used more than ever before in a time of restricted social interaction. At the same time, digital business models are continuing to gain ground.
Increasing risk from cyber attacks and internal incidents
IT systems are becoming ever more central to the business activities of lending institutions, so cybersecurity is gaining in importance accordingly. The financial supervisory authority classifies data theft and cybercrime-related system failures as “particularly relevant risks.” IT disruptions and cyber attacks can have systemic effects on top of the financial losses and lasting reputational damage they cause the affected companies. BaFin also sees growing risk potential in internal deficiencies and vulnerabilities in IT systems: the consequences of poor IT strategy decisions are comparable to those of a cyber attack, and outdated systems that can only be maintained to a limited extent, together with insecure software, invite failures and data loss.
Outsourcing of IT services the focus of supervisory oversight
New IT regulations for payment and e-money institutions
Insurance supervision increasingly assessing IT governance and IT infrastructure
Consequences of the Wirecard scandal
Trend toward tighter regulation continues
In view of the heightened threat situation, BaFin’s move to ramp up its IT and cybersecurity controls is understandable. In its Risk Barometer 2021, the Allianz insurance group ranks cyber incidents as the biggest risk factor for the financial industry. Last year, 23 percent of all cyber attacks targeted financial institutions, and the number and intensity of DDoS attacks in particular are on the rise. The trend toward tighter regulation in the financial sector, which requires institutions to demonstrate greater commitment to IT security, data protection, and compliance, will continue. With the planned EU Digital Operational Resilience Act (DORA), a further EU regulation imposing additional requirements on financial entities is already in preparation. Banks and financial service providers will therefore have to engage with their IT architecture and compliance obligations more intensively than ever before. In this context, outsourcing digital processes to external service providers is an attractive option for reducing in-house effort while still covering IT security and compliance requirements; note, however, that responsibility for outsourced activities remains with the supervised institution, which is precisely why outsourcing itself is a focus of supervisory oversight.
Myra meets all BaFin requirements
As an experienced specialist cybersecurity service provider for the financial sector, Myra Security has long supported material and non-material outsourcing in accordance with KWG Section 25b, MaRisk AT 9, and BAIT. We also already meet the risk management, reporting, testing, and outsourcing requirements relevant under DORA. Leading companies and organizations from the financial industry have relied on Myra’s Security-as-a-Service platform for years to cover both their cybersecurity and compliance needs.