High stakes on cyber regulation: PARIMA

The stakes could “not be higher” for Asia-Pacific risk managers as they contend with increased cyber regulation and data protection laws, according to PARIMA General Secretary Steve Tunstall.

While cyber has been an important issue for some time, it has “increased in importance in recent years”, according to Tunstall, as Asia-Pacific jurisdictions take a stronger line on regulatory enforcement. He said regulators would place more emphasis on individual accountability in the coming years.

Tunstall says cyber regulation has become a “critical issue for governments, regulators and corporates across the region”, with a greater emphasis on data protection and governance. “Managing the implementation of cyber solutions, from a compliance and opportunity point of view, should be front and centre for every risk manager in the region,” he said.

Tunstall said enforcement was becoming “much stronger than in the past”, as other countries in the region follow the lead of countries such as Japan, Hong Kong, Australia, and New Zealand. He said the stakes were high for risk managers. “If this is not number one on your to-do list as a risk manager, it should be close to it. It will affect companies in every sector.”

He underlined the reputational impact of data breaches. “If you fail to effectively manage customer data, not only with you receive regulatory censures, but customers will vote with their feet,” he said. “While for government departments and the public sector, a breach becomes a major issue.”

Tunstall called on risk managers to stay on top of technological developments in their business, as technology becomes more important across all company functions. “As the lines between different departments merge, tech is the oil in that machine. You need to consider whether every department is treating data and technology high level seriously. It should be obvious that handling data correctly is a critical objective of your team.”

To manage cyber regulation risk effectively, Tunstall believes risk managers need to be “in the room” with board members to tackle the topic. “They have to want to be part of the conversation,” he added.

He said risk managers need to build knowledge on cyber regulation to communicate effectively. “As well as an understanding of the operational aspects of data use, a level of technical knowledge is vital. You can’t walk into a boardroom and hope to expect to engage with management effectively if you can’t communicate around the technical aspects. It’s the only way you can bring value to the discussion.”