Cybersecurity remains an obstacle to wider crypto adoption
getty
Even as regulators, major financial institutions, and investors of all sizes continue to pivot and move toward embracing cryptoassets and crypto payments there is a major obstacle to wider adoption that has yet to be effectively addressed; cybersecurity concerns. While it is true that every application contains within it some level of cybersecurity risk – including that of loss – crypto and other on-chain assets remain uniquely exposed to these factors, at least as far as public opinion is concerned.
According to research by the Pew Center 63% of survey respondents indicates that they do not think cryptocurrenices are safe to use, which continues to be reflected in the percentage of surveyed adults that use crypto for transactional purposes. The 17% of respondents that report having used crypto for transactional purposes has remained unchanged since 2021, even as almost every aspect of the cryptoasset landscape has continued to expand and further mature. Cyber risks are clearly not the only reason behind these statistics as volatility, headline risks, and political tensions all contribute to the opinions of investors with regards to crypto, but it is not one that can be ignored.
With powerful regulators such as the OCC and FDIC issuing pronouncements and policies that will make it simpler, cheaper, and easier for TradFi institutions to get into crypto, effective cyber policies to protect these assets will become more important going forward. Let’s take a look at a few things that investors – of all sizes – should keep in mind.
Borrow And Update Best Practices
The banking and payment industries are among the most highly regulated and supervised markets in the world, and the obvious reason for this is that in order to maintain confidence in the banking system – and markets at large – the trust in these operations must be absolute. Following years of patchwork enforcement efforts, including an anti-crypto regime at the SEC, there finally seems to be progress on effective, common-sense, and actionable regulation for crypto payments. The European Union has enacted the MiCA regulation, which while not a perfect regulatory framework does at least provide a starting point for entrepreneurs and regulators to work from.
In the United States there are multiple bills that have been introduced, with the STABLE Act receiving committee approval to move forward for subsequent votes. By mandating audits, compliance practices on par with existing TradFi policies, and requiring communications related to any issues in real-time as they arise, the regulators and industry are taking proactive steps to establish much-needed frameworks for operation.
That said, at the individual firm level, the executive team must adopt a proactive approach and not wait for legislation to eventually make its way to market; demand is already here, investors and customers expect firms to adapt, but management must ensure any such adoption is done in a well-though-out manner.
Employee And Investor Education Is Paramount
Even as the boundaries between the crypto and TradFi sectors continue to blur the specifics as to how on-chain assets operate are substantially different from existing payment rails. Cryptoassets, even those that are built and designed with a dollar-peg and intended to be used in the same manner as dollars, require different controls and policy protections versus other payment options. These differences include, but are not limited to, the following.
Wallet management is something that should be discussed at every level of the control and payment process including whether or not the firm in question wishes to engage in self-custody practices, utilize a third-party service provider, and how to implement a multi-signature or multi-party computation wallet. Pros and cons exist for all options and need to be evaluated based on the needs and technical expertise of the individuals at the firm. Private key management is also something that should be highlighted if and when crypto payments are integrated within Treasury operations, and this conversation should include a discussion of hot wallets, cold storage, and whether or not the private keys are to be stored at a third-party institution.
Last but not least the control measures should also be modified within the firm to ensure that the existing infrastructure and administrative rights/access are updated to reflect the changes made to implement tokenized payments.
Lower Volatility Does Not Mean Lower Risk
Investors and management professionals would be well advised to understand that just because a token or asset is purported to have lower volatility when compared to other cryptocurrencies such as bitcoin or ether does not mean these tokens are lower risk. While the headline risk and volatility are well connected to cryptocurrencies that can overshadow the legitimate risks that accompany cryptoassets such as stablecoins. Just because a specific cryptoasset in question does not experience levels of volatility or dramatic trading volume does not mean the asset itself is lower in risk.
When combined with the increased interest and appetite surrounding cryptoassets the entry of new firms into the cryptoasset sector creates an almost irresistible combination for hackers and other unethical actors. The recent ByBit hack is an example of how sophisticated hackers can take advantage of internal control issues via supply chain partners, even if the internal controls at the firm in question have been updated. Stablecoins are worth a combined hundreds of billions in market capitalization, are able to be transferred instantaneously, and can be redeemed or off-ramped to fiat currencies on an on-demand basis.
Cybersecurity is an imperative for all organizations, and the increased adoption of cryptoassets is set to accelerate these conversations moving forward.
