On October 13, 2017, the Financial Stability Board (FSB), an international body that monitors and makes recommendations about the global financial system, prepared a report on cybersecurity based on regulations, guidance, and practices around the world. The summary report was published together with a detailed analysis of the results. Notably, all 25 members of the FSB, which includes all of the G-20 group of industrialized nations, report that they have publicly released regulations or guidance that address cybersecurity. However, the FSB report found that it was “difficult to draw particular conclusions” from the varying regulations and that “there are considerable differences” in the regulatory regimes. Specific areas where regulatory regimes were noted to be different, and potentially conflicting, include: timetables for required notification to regulators with respect to security incidents; penetration testing requirements; governance; data leakage protection; two-factor authentication requirements; as well as potential conflicts between privacy law requirements and cybersecurity requirements. Even so, the report noted some commonalities, including the importance of risk-based or proportional supervision; the important role of the board and senior management; and communications, coordination, and information sharing.
The report demonstrates that while countries around the world are taking cybersecurity risks very seriously, the rules and regulations vary from jurisdiction to jurisdiction, and they will continue to change as jurisdictions attempt to keep up with ever-changing technology.
TIP: It is important to understand the geographic scope of a company’s computer networks so that the company can comply with the cybersecurity requirements imposed by the varying jurisdictions in which the networks operate.