Cybersecurity ventures are on a roll. For the past two years, the sector has attracted more investment than any other RegTech industry. In 2018 it attracted 20.7% of all the investment and in 2019 that figure jumped to 37.2%, according to RegTech Analyst’s research. The compliance management and the identity verification sector respectively attracted 18% and 13.6% of the total RegTech funding.
However, the sector’s success might not be that difficult to understand. “Cybersecurity remains a huge part of the RegTech space simply because cyber risks exist for just about every business imaginable – whereas other financial crime risks like money laundering and terrorism financing typically apply to regulated entities in operating in the financial services, gaming, and designated non-financial services sectors,” Anthony Quinn, founder, and CEO of Arctic Intelligence, the RegTech company, tells RegTech Analyst.
Several high-profile breaches have brought the point home to regulated businesses that they need to up their game. In 2019 alone, Capital One suffered a breach that compromised 106 million customers’ accounts, Visa was hit by a point-of-sale attack launched through petrol stations’ payment systems and the billing and collections vendor American Medical Collection Agency also found a breach.
“[They need] to have a robust framework to identify, assess, mitigate and manage these risks whether that relates to cybercrime risks or broader financial crime risks like money laundering, bribery, and corruption, modern-day slavery, fraud, tax evasion or sanctions,” Quinn says. “At Arctic Intelligence, we have developed best-in-class risk and compliance management solutions that have been adopted by hundreds of clients across over 18 industry sectors and nine countries so far, so we are seeing other risk domains growing in importance.”
Business leaders are taking note of the risk, with 84% worrying about hack attacks. It’s easy to see how corporates are taking the threat of bad actors seriously. J.P. Morgan revealed in 2019 that it annually spend $600m on its digital defenses and that it had about 3,000 people working on the investment bank’s cybersecurity.
“[The] financial system is interconnected, and adversaries are smart and relentless – so we must continue to be vigilant,” said Jamie Dimon, CEO, and chairman of J.P. Morgan, in a statement to shareholders. “The good news is that the industry (plus many other industries), along with the full power of the federal government, are increasingly being mobilized to combat this threat.”
Another sign of the growing threat can be seen by Gartner. The research firm has estimated that the end-user spend on digital defenses will grow from $1.6bn in 2019 to $1.9bn in 2021.
“As executive management, boards, CISOs, and even compliance staff demand greater insights into their cybersecurity risk profiles, security services, and software tools enabling such metrics continue to grow in importance,” says E.J. Yerzak, director of the cyber IT group at CSS, the RegTech company, to RegTech Analyst. “Cyber threats and the resulting financial impacts of data breaches are driving much of this investment in cybersecurity and show no signs of abating any time soon as the threat landscape gets ever more challenging as time goes on.”
And he doesn’t think the trend is going to change anytime soon. “I don’t see cybersecurity spending as a percentage of overall budgets declining for financial firms, even as other parts of the RegTech industry mature, simply because financial firms can’t afford to let their guard down,” he says.
Oren Yunger, an investor at GGV Capital, shared a similar sentiment in a TechCrunch story in 2019. Yet, he offered a small caveat. He noted that while there has been a lot of deal activity in the sector and a massive number of new companies have entered the industry, this could also be the potential reason a potential cybersecurity bubble to pop. “With overvaluation of startups, market saturation, and the seemingly less-than-catastrophic impact of breaches, it’s no wonder why some are worried about the cybersecurity industry,” Yunger said.
Nevertheless, even though there is a risk of a cybersecurity bubble, the COVID-19 pandemic may have, for now, increased the demand for cybersecurity solutions. “The coronavirus pandemic has created a paradigm shift for many companies to a model in which the majority of staff are working from home environments,” says Yerzak.
This means that many employees have to share workspaces with both their partners and children, which could be distracting, to begin with. However, working remotely also comes with added cyber risks as colleagues are unable to alert each other of suspicious activities as easily as they would’ve had if they still shared an office.
Cybercriminals have taken advantage of this. Since February, bodies like the World Health Organization (WHO), the Federal Bureau of Investigation (FBI) and the European Central Bank (ECB) have warned that bad actors are trying to leverage the coronavirus to gain access to companies’ systems and money as well as people’s credit card information.
“Phishing scams related to the coronavirus have skyrocketed and the overnight rollout of videoconferencing and collaboration tools at some companies has left them vulnerable to security holes in these platforms, if not managed properly,” says Yerzak. “Fortunately, the cybersecurity sector is well poised to seize the opportunity to increase the assistance they can offer to remote and distributed workforces to keep the risk down.”
And governmental bodies are not resting on their laurels either. “Industry regulators including the SEC are already examining how financial firms are addressing the changes in operations from a risk standpoint. I think we will see a greater uptick in demand for phishing testing, security awareness training, and assistance in revising InfoSec policies to address changes in processes,” Yerzak says.
He adds that since the financial industry has only shut down about 10% of its services, the rest of the RegTech industry could find that the coronavirus could benefit them as well. “RegTech, by its very nature, is designed with remote cloud access and distributed workforces in mind and presents an incredibly viable solution to enable the seamless continuity of regulatory filings, even when firms can’t get their staff to their offices,” Yerzak says.
“I expect interest in and demand for cloud-based RegTech services offering a secure solution to increase substantially in the wake of the coronavirus pandemic as more financial firms take a step back and reassess their operations. I believe we will see with the benefit of hindsight that those firms with solid RegTech solutions in place were able to weather the storm easily from an operational perspective, enabling them to focus on what matters most – helping their clients.”