We’re in the midst of a global storm of activity by financial regulators on cybersecurity. For years there have been some generally applicable cybersecurity laws, but only a few directed specifically at financial institutions. The few laws focused on financial services were patchy – applicable to some businesses but not others, governing this activity but not that one. Then, in just the past few months, all that has changed. Now, financial services regulators are getting serious about cybersecurity as systemic threats come to the fore.
It’s time for financial institutions to take stock. What should they do today to prepare for these proposed and anticipated requirements? Where does this newest round of regulation fit into the overall trajectory of cybersecurity law? And what’s next? In this briefing, my colleagues and I answer these questions for the United States, the United Kingdom, Germany, Europe and Asia.