HSBC executive urges regulators to get real

Industry regulators need to listen to businesses more carefully before they introduce new codes of practice to improve corporate information security standards, the security chief of one of the UK's high-street banks said last week.

Richard Hackworth, group security officer at HSBC, said he was concerned some regulators were producing regulations that introduced burdens on businesses but failed to generate any real improvements.

"Sometimes the complete picture of risk management is more complex than the regulator understands. The potential concern is that a regulator causes more problems by being prescriptive," he said.

HSBC has to deal with 350 regulatory bodies worldwide. They lay down rules ranging from the very general, such as "you must be secure", to the very prescriptive, such as "you must use this type of encryption", said Hackworth.

Problems can occur because the security priorities identified by regulators do not always match the real-world security priorities experienced by business, he said.

Hackworth said international bodies such as the UN should attempt to co-ordinate the work of regulators by arranging multinational conferences with businesses to discuss issues before new regulations are written.
