Written By: Diana Bailey – Corporate Finance
Geopolitical risk is becoming a major issue of security for businesses and in particular the banking sector. Since his inauguration in January 2017, there remains a lot of uncertainty around Trump’s cybersecurity plans and policies. His election run-up placed a glaring spotlight on cybersecurity—with the media speculating that Russian hackers played a role in securing his presidential victory against Hillary CIinton. Now that Donald Trump is in office, his administration and the policy choices it will make are a primary concern for economic and political leaders across the globe.
As the leader of the United States, one of the world’s largest economies, Trump being in office has led to many questions from various political leaders and interested parties around the world. Further to this, cybersecurity is a growing risk on many fronts—in particular, geopolitical risk is a growing concern. One of the major questions for 2017 is how these two uncertainties will combine? One primary answer will be that the focus of cybersecurity will shift from that of security to privacy—this is one of Trump’s top priorities and is also a direct consequence of dealing with today’s geopolitical risk climate. Relevant US commentators have indicated that the Trump Administration will be preparing in particular for cyber-threats from nations looking specifically to disrupt the ideologies of US and Western economics and politics—with potentially the biggest threats coming from Iran, China and North Korea.
As a life-long “big business” man, Trump has already outlined plans to strengthen US corporate activity—this is likely to lead to increased ties between the government and the private sector. On the one hand, this has the power to improve business activities. On the other, this places businesses in political crosshairs when it comes to cyber-risks and the relevant adversaries. In particular Trump has been meeting with tech-sector executives to discuss changes to the online US business environment and infrastructure. Based on his past comments, Trump will enact protectionist policies that could lead to tensions with countries in which these tech companies currently outsource massive amounts of manufacturing and skilled labour.
In addition, how data is managed at these tech companies, as well as other online entities, is likely to change under Trump’s leadership. He has made it clear that he wants stronger cybersecurity and will seek to refine cybersecurity policies to protect US interests against dynamic and changing threats. Trump has outlined plans to increase spending on cybersecurity—in particular diverting more resources to the US cyber-command department. Trump will also likely seek to change regulatory cybersecurity policy—tightening restrictions and enhancing the NIST Cybersecurity Framework that was developed in direct consultation with the private sector. Trump’s enhanced concern with privacy will be somewhat of a double-edged sword. One the one hand, he will likely enact policies to protect US information and data from external breaches and hacking from global threats. However, on the other hand, it is likely that he will seek to reduce the privacy rights of US citizens. His administration has expressed a lesser regard for privacy when it comes to meeting security standards. For example, Trump’s team has supported an FBI case to force Apple to breach its iPhone privacy and security policy as part of gathering evidence in a case. When it comes to banking and finance, security and privacy are both critical elements of day-to-day operations. Encryption is the primary mechanism of maintaining secure and private communications and transactions over the Internet—this includes online banking, online shopping and many other online financial-transaction based services that have become a vital part of the economy. If the government gains access to encrypted communications, everyday security and privacy will be violated substantially and could lead to new risk exposures.
These types of changes in the security of everyday lives and transactions are likely to drive demand for a relatively new sector of insurance: cyber-insurance. The challenge for the providers of this insurance will be ascertaining the price—as the actuarial data and statistics are limited for this relatively new area. Although there will be a number of frictions to begin with, it will be worth the investment for insurance firms and underwriters that have been hit with numerous large claims in dealing with cybersecurity issues previously under more general guidance and coverage. Specialised expertise will help streamline this financial liability more effectively.
These factors understandably lead many to wonder what data and information the Trump Administration will be tracking in day-to-day life—will this extend to online transactions and services, cloud providers, personal computing and the currently expanding “Internet of things”? Will this lead to global parties tracking data and information in increasing volumes? Whether the lesser level of privacy will lead to greater security is questionable, and this action may in fact increase the risk of hacking and abuse of such collected data—leading to worsened levels of security. The stakes of cybersecurity have definitely changed with Trump as leader of the free world—the conundrum of effectively dealing with the uncertainty of these changes remains unsolved. Cybersecurity expertise and intelligence will need to be applied deftly in handling the fast-paced dynamics of these risks.