Great visit to DC to brief key House and Senate members and their staffs on the Cyber Risk Director Network (CRDN). In our meetings with policy makers, regulators, and the press we shared key findings from our December CRDN meeting. Lots of interest from policy makers to engage further on this important and timely topic.
Jonathan Day, Michael Mahoney, and King & Spalding partner Phyllis Sumner made the rounds on Capitol Hill, meeting with:
- House Intelligence Committee Chairman Adam Schiff
- Representative Denver Riggleman
- Staff for Senators Jerry Moran, Mark Warner, Jack Reed and Richard Burr and Representatives Jim Himes and Jim Langevin
- Senate Banking Committee, Commerce Committee and Homeland Security Committee Staff
- House Financial Services Committee and Homeland Security Committee Staff
Cybersecurity has steadily risen on the list of critical risks facing large global companies. In some cases, threats of cyberattack and related privacy issues hamper these firms’ ability to pursue digital transformations critical to their competitiveness and even sustainability. Cyber risk is unquestionably a matter of strategy and a boardroom issue.
The inaugural meeting of the Cyber Risk Director Network (CRDN) took place in New York on December 11, 2019. Its conclusions were sobering: even in companies where internal cybersecurity management is highly sophisticated, board oversight of this risk is still developing. It can be difficult to assess any company’s maturity in cyber risk governance.
Members discussed three broad topics; the ViewPoints linked to this page provide extended reading on each.
- Board oversight of cyber risk. Although some aspects of cyber governance fit well with standard ERM (Enterprise Risk Management) approaches, directors felt that these threats present an unprecedented challenge.
- Public-private collaboration. The nature of contemporary cyber threat means that corporate collaboration with government agencies is critical, but the state of this collaboration remains embryonic and potentially risky for the companies involved.
- Boards and cyber incident response. Responding to a major cyberattack often involves decisions about corporate strategy and purpose, not just technical and legal matters; the board’s involvement is therefore essential. But in many companies, incident response plans aren’t framed at boardroom level, and directors are still learning how best to engage in response planning and response activity.
The 2019 Financial Services Leadership Summit (FSLS) took place in October in Washington, DC. Directors and senior executives from among the largest banks and insurers globally, fintech executives, regulators, policymakers, and other subject matter experts convened for discussions focused on the resilience of the financial system in light of evolving risks to markets, business models, and technology, and the potential policy responses.
Ten years after the global financial crisis, the financial services business has changed. Large institutions have shored up capital and liquidity, new rules have been implemented, and supervision has tightened. Business models have also changed, and new models are emerging, as incumbents and fintechs adopt advanced technologies and tech companies wade into financial services. Now, financial services leaders are considering what might cause a future crisis and how prepared individual institutions and the system are for emerging sources of risk.
How resilient will new entrants and new models be to major dislocation? Are operational and technological resiliency or data integrity issues likely to trigger the next crisis? What tools and mechanisms do policymakers and regulators have to respond to a crisis? How might broader geopolitical issues impact financial services as regionalization replaces globalization? How resilient are traditional business models to systemic disruption? And can large firms in a sector so closely tied to the trajectory of the broader economy grow their business in a slow- or no-growth environment? Participants in the FSLS explored these and related questions and issues.
In May 2019, Tapestry and members and liaisons of the multistakeholder Steering Committee (SC), which oversees the progress of the diagnostic quality assurance pilot, met to discuss the pilot’s results. Since its launch in 2016, the pilot has aimed to create a process to compare the performance of molecular diagnostic tests that are used for selection of targeted therapies, using a test case of a next generation sequencing (NGS) diagnostic for a specific targeted cancer treatment. Earlier this year, 18 volunteer laboratories returned data to the pilot’s technical implementation team at the College of American Pathologists, marking an end to the pilot testing phase. The data compared performance of laboratories’ validated tests with specifications set by an FDA-approved companion diagnostic (CDx).
During the May meeting, the CAP’s Scientific Technical Working Group (STWG) leadership presented a summary of the dataset and lessons learned from implementing the pilot. Collectively, the STWG representatives and SC discussed the results’ technical implications, and their meaning for various stakeholders and SC members’ organizations. Moving forward, SC members are committed to sharing outcomes later in 2019 through a peer-reviewed technical publication, a white paper, and, potentially, through other mediums.