Sign up for our free daily newsletter
YOUR PRIVACY - PLEASE READ CAREFULLY DATA PROTECTION STATEMENT
Below we explain how we will communicate with you. We set out how we use your data in our Privacy Policy.
Global City Media, and its associated brands will use the lawful basis of legitimate interests to use
the
contact details you have supplied to contact you regarding our publications, events, training,
reader
research, and other relevant information. We will always give you the option to opt out of our
marketing.
By clicking submit, you confirm that you understand and accept the Terms & Conditions and Privacy Policy
Andy Ozment, chief information security officer at Goldman, said ‘what's frustrating for me is how much of my time, my team's time and my resources are spent on having to answer a never-ending stream of regulator requests,’
Stream of requests
Mr Ozment said, ‘in my mind, it's a distraction away from cybersecurity.’ Mr Ozment, was speaking at a Wall Street Journal pro cybersecurity forum in New York. He discussed how companies must comply with regulations in each country they operate, and those rules can differ dramatically. Also, in the United States, there is no federal data breach notification law, and companies must comply with different notification laws across all 50 states. He suggested governments could do a better job of streamlining these many different and sometimes competing interests. Mr Ozment explained third-party oversight, where companies must evaluate all of their vendors for cyber risk, can also be difficult to manage. Companies spend a lot of time doing laborious risk assessments of their vendors, then have to answer the same assessments for the companies they serve.
24/7 is hard
Mr Ozment suggested government officials could do a better job of organizing a standardized response, and that industry could take the lead in pushing a standard, stating ‘the burden of constantly assessing each other and being assessed, it seems like an area ripe for involvement.’ He also said that companies need to be careful as well if they are considering outsourcing cybersecurity roles to countries that may support hacks against US companies, saying ‘it's hard to set up a 24/7 operation. I do think it matters what country they're in. If that's a country that's attacking you, I don't think that's a good idea.’ Mr Ozment rarely gives talks in public but is one of the most influential voices in financial services cybersecurity. He served as assistant secretary for cybersecurity and communications for the department of homeland security before taking the top security job at Goldman.
Email your news and story ideas to: [email protected]