Introduction
In an era where digital finance is rapidly transforming economies, especially in emerging markets, cybersecurity has become a paramount concern. This article draws insights from a panel discussion featuring Jean-Louis Perrier, Director of Africa Cybersecurity Resource Center (ACRC), Ardi Sutedja K., Chairman & Co-Founder of Indonesia Cyber Security Forum (ICSF), and Sarah Corley, Founder & CEO of the Alliance of Digital Finance Associations (ADFA). The discussion underscored the significance of cybersecurity in digital finance, the evolving regulatory frameworks, capacity building, and the crucial role of public-private partnerships (PPP) in enhancing cybersecurity resilience.
Regulatory Frameworks in Emerging Markets
Jean-Louis Perrier emphasized the diversity and evolving nature of regulatory frameworks in African emerging markets. With only a fraction of African countries having established national Computer Emergency Response Teams (CERT) or Cyber Security Agencies, the regulatory landscape remains fragmented. The complexity is further compounded by the diverse financial sector, comprising thousands of institutions ranging from large banks to microfinance entities and telecom providers. Jean-Louis Perrier advocates for “smart regulation” that adapts to varying levels of maturity and evolves over time, moving beyond mere compliance to fostering a robust cybersecurity ecosystem.
Information Sharing and Capacity Building
One of the critical challenges in emerging markets is the nascent stage of information sharing. Jean-Louis Perrier pointed out that ACRC is pioneering information sharing communities in Africa, facilitating the spread of cybersecurity knowledge across thousands of financial institutions. The lack of effective communication within financial networks often leads to repeated attacks on different branches of the same network. ACRC, through its partnerships with international cybersecurity bodies and African institutions, aims to bridge this gap by promoting trust and structured information exchange among financial entities.
Strategies for Capacity Building
Capacity building is crucial, especially for smaller financial institutions such as microfinance entities. These institutions often lack the regulatory requirements, human resources, and financial means to address cybersecurity challenges effectively. Jean-Louis Perrier described a comprehensive roadmap developed by ACRC that includes cybersecurity diagnostics, board-level awareness sessions, formal training for technical teams, and the provision of standardized procedures and open-source tools. This approach significantly reduces the effort and cost involved, enabling smaller institutions to enhance their cybersecurity posture.
Ardi Sutedja highlighted the importance of education in bridging the technological literacy gap in Indonesia. Despite the widespread use of the internet, many users lack the knowledge to use technology safely. His organisation, ICSF, focuses on educating both financial institutions and their customers, ensuring that everyone involved understands the cybersecurity risks and best practices. This holistic approach is crucial for fostering a security-conscious culture, which is fundamental for the effective use of any technological solution.
The Role of Technology
Both Jean-Louis Perrier and Ardi Sutedja agreed on the significant role technology plays in ensuring the security of financial transactions and customer data. However, they stressed that technology alone is not sufficient. Developing a culture of security awareness among employees and customers is essential. Jean-Louis Perrier pointed out the increasing complexity of financial ecosystems and the reliance on cloud services, which, despite their advantages, require careful management to avoid security breaches.
Public-Private Partnerships (PPP)
PPP is a cornerstone of effective cybersecurity strategies in emerging markets. Ardi Sutedja shared the success story of Indonesia’s cybersecurity agency, which originated from a PPP initiative. Such collaborations are crucial for information sharing and developing regulatory frameworks that keep pace with technological advancements. Jean-Louis Perrier echoed this sentiment, highlighting the necessity of PPP for fighting cybercrime, as advocated by Interpol. Developing trust between public and private sectors and fostering a collaborative mindset are essential steps toward a resilient cybersecurity framework.
Standardizing Cybersecurity Practices
Standardizing cybersecurity practices is vital for ensuring consistent protection across the financial sector. Jean-Louis Perrier emphasized ACRC’s role in bringing global best practices to Africa’s financial cybersecurity landscape. Adapting these practices to the local context is crucial for their effective implementation. Similarly, Ardi Sutedja mentioned ASEAN’s initiative to foster regional collaboration in cybersecurity, aiming to standardize technology and regulatory frameworks across Southeast Asia. Such regional efforts are essential for building a cohesive cybersecurity strategy that benefits all member countries.
Forecast for Cybersecurity in Emerging Economies
Looking ahead, the forecast for cybersecurity in Africa over the next five to ten years is challenging yet promising. Jean-Louis Perrier highlighted the stark shortage of cybersecurity experts, with only about 10,000 professionals against an estimated need of 300,000. This gap underscores the urgent need for substantial educational efforts, including the establishment of cybersecurity curricula at universities across all 54 African countries. To combat increasingly complex threats, higher education and specialized training, including PhDs, are essential.
Ardi Sutedja stressed that southeast Asia will face similar cybersecurity challenges as the rest of the world, given the global nature of cyber threats and technological advancements. Adversaries are evolving rapidly, often staying steps ahead of defenders. This necessitates a collective effort in resource allocation, information sharing, and strategic planning to keep pace with evolving threats.
Conclusion
The discussion highlighted the multifaceted approach required to fortify financial systems against cyber threats in emerging markets. Regulatory frameworks must evolve to accommodate diverse financial ecosystems, and capacity building should focus on both technological and human aspects of cybersecurity. Information sharing and education are pivotal in developing a security-conscious culture, while PPPs provide the collaborative foundation necessary for robust cybersecurity strategies. By adopting standardized practices and leveraging global best practices, emerging markets can enhance their digital resilience and ensure the safe inclusion of millions into the financial system.
To gain access to the entire transcript and watch the webinar’s recording, become an AGRC member today. Register here: Association of Governance, Risk & Compliance (agrc.org)