Given the size and the contribution of the financial sector to the Luxembourg economy, it is essential that it is protected from cyber-attacks. However, recruiting the right personnel to meet the challenges of ever-increasing digitalisation and regulation presents a major challenge.
Luxembourg has a lot going for it as a business location: Europe’s leading financial centre and second biggest funds centre in the world. Indeed, the financial sector represents the biggest single contributor to the country’s GDP, accounting for one third of the total, according to government data. That figure must be set to increase as more companies select Luxembourg as their post-Brexit home. It is therefore essential that we protect this asset.
According to the PwC 2018 Global Economic Crime and Fraud Survey, Luxembourg Report, “43% of Luxembourgish companies expect cybercrime to be the most disruptive to their organisations in the next 24 months…”. Stéphane Nassoy, cloud architect and GDPR officer at Lusis Luxembourg, agrees.
In a recent interview with Delano, Nassoy said:
“We must take great care to protect the financial sector. Just think of the number of international banks and other financial institutions, as well as their service providers, that Luxembourg houses. We just need to look back at the LuxLeaks case and other security breaches to see that there are vulnerabilities. Large economic players make a perfect target for cyber-attacks.”
In his view, companies in Luxembourg accept the need for on-going cybersecurity. “They have become aware that security is constant, not a one-off event, and many are now seeking security audits to stay ahead of the game.” He explained that these audits are carried out by specialised companies that test the robustness of “cyber defences” and report back on potential weaknesses.
However, “the game” is getting more and more complicated, with the introduction of increased regulation in an attempt to match the pace of increased digitalisation. This requires compliance with new rules and constant training for the security professionals carrying out the audits, which represents another complication. “With the push for digitalisation, it is difficult to find and recruit suitably qualified IT security experts.”
Nassoy believes this is only likely to get more challenging as a result of the introduction of the General Data Protection Regulation and the revised Payment Service Directive (PSD2).
PSD2 is being hailed by industry commentators as a “game changer” that “will change banking as we know it”.
In summary, PSD2 is a revision of the Payment Service Directive introduced in 2007 to create the Single European Payments Area. Continued innovation and digitalisation since then have led to new entrants on the market offering new online and mobile services. The problem was that many of these new players fell outside the scope of the PSD and, therefore, were not regulated by the EU. PSD2 is broader in scope and aims to improve security and fraud prevention for consumers.