Cybersecurity and GDPR: the Budget Battles


FineOps Report recently featured CEO of MCO, Brian Fahey in an article discussing cybersecurity and GDPR. Read an excerpt here, with a link to the full story at the bottom of the post.

Protecting critical data will top the list of challenges chief compliance officers face over the next three years. So will figuring out how to calculate and divide the budget with their IT, risk, finance and operations peers.

Chief compliance officers are responsible for protecting their firms from reputational and legal risk. They are accustomed to explaining policies and procedures downstream to multiple business lines. Yet when it comes to dealing with cybersecurity risk and information risk, they may be forced to deal with too many cooks in the kitchen, each adding expertise to come up with the right recipe for success or, at least avoiding regulatory fines. The budgeting process could be seamless or contentious depending on how many staffers and who is involved.

“Because of the high technology requirements to mitigate cybersecurity and information risk, we have far less say in the total budget spend and allocation process,” gripes one chief compliance officer at a New York bank.  “A decision that ordinarily ties up a few hours could end up taking a few days or even a few weeks.”

More than 40 percent of the 150 compliance managers at banks, broker-dealers and insurance companies surveyed by global consultancy Accenture expect to devote the bulk of their time addressing cybersecurity risk. A third of the respondents cite information risk as their top concern. Compliance investment will increase according to 89 percent of the respondents.

Read the full article here.