Stefano Ciminelli, an Executive Director, Financial Services at EY, asks whether crypto-currencies are on your agenda. Here are four reasons why they should be.
A series of bad press stories has ensured that awareness of cyber risks has shot up the corporate boardroom agenda of late. Whether it’s the loss of customer data (and payment details), breaches of critical systems or other risks, CIOs are under pressure to catalog their organization’s potential cyber risks — and explain how they’re being mitigated. Getting this wrong can be a make-or-break issue for many CIOs.
But, while much attention has been given to a range of cyber threats, CIO awareness about one particular issue is largely nonexistent today: the use of so-called crypto-currencies, most notably Bitcoin. With companies testing this as an alternative means of fast, low-cost international payments from clients, and banks looking for new service offerings to develop, interest in these alternative currencies continues to grow.
The challenge is that there are a lot of myths floating around about such currencies, some of which are worth busting. Here are four common issues that crop up when talking crypto-currencies with CIOs:
1. CIOs don’t yet see a use case for Bitcoin in their organization
Crypto-currencies are hardly mainstream payment options today. But, despite the bad press, usage is rising sharply. In March, more than 110,000 daily transactions were recorded, with daily transaction values regularly bumping up over US$100m. For businesses in certain markets, particular attributes of crypto-currencies can be highly attractive. For example, they are essentially borderless, and thus can easily bypass embargoes. They are a handy countermeasure in highly inflationary markets and also incur little to no transaction costs. So, for companies operating in challenging markets, crypto-currencies can be an attractive way to deal with some key operating issues.
2. CIOs know that crypto-currencies are stored digitally, but consider this an issue for the CFO or the Treasury function
The reality is that organizations starting to test and adopt crypto-currencies face several important IT risks. As all CIOs know, the average security knowledge among end users is low. But it is individual users who are an increasingly easy target for cyber criminals. There is no “central bank” for Bitcoins. The value is simply stored on your computer. But few users realize that they should safeguard their computer, just as they would protect their wallet. These “coins” need to be protected, encrypted and held offline as much as possible.
3. CIOs don’t recognize the crypto-currency user issues
We hear horror stories all the time. A user might find a virus on their PC, and decide to simply format and reinstall their applications — only to realize they’ve lost all of their Bitcoins. Or an unpatched system could attract a piece of malware that is specifically designed to steal Bitcoins. This may sound like a message from 2001, but users need to keep their systems patched, updated and encrypted. But user awareness of these issues is still incredibly low right now.
4. CIOs at banks and other financial institutions are not aware of their exposure to other risks
Crypto-currencies are often perceived to be anonymous and untraceable. But, in reality, they’re pseudo-anonymous, with addresses and transactions retained forever, and in public. This can be especially tricky with regard to anti-money laundering and “know your customer” regulations, where it can be all too easy for banks to be in breach of these rules. CIOs need to be talking to their chief risk officer counterparts or their Security Operations Center about this, although few are today.
All in all, the emergence of crypto-currencies poses a range of questions for CIOs to consider and respond to. How urgent these are depends on an organization’s exposure to these currencies and the risk appetite of the organization to expand on this new business paradigm. One common starting point for all CIOs is to ask whether this topic is relevant to their client and needs to be on their cybersecurity agenda.