Trusted Fintech Program

International Edition - Cohort 2

CyberSecurity Trust Label for Fintech, Regtech and Insurtech startups and scale-ups

CyberSecurity Trust Label for Fintech, Regtech and Insurtech startups and scale-ups

Objectives

After completing this program, key persons of your company will have been immersed in the world of CyberSecurity (just enough, not too much), and equipped with insights and best practices needed to avoid a breach of customer data, intellectual property or trade secrets, and bottom line to protect reputation and brand of your company and the companies you partner with or work for.

The Program will offer you very tangible and immediate applicable tips, tools and techniques in order to improve your cybersecurity skills, processes and technologies. After successful completion of this Program your company will receive the “Trusted Fintech” label that you can use to show your commitment to better CyberSecurity.

Unique about this program is that it goes far beyond traditional classroom-based training by leveraging the B-Hive CyberSecurity community and incorporating our members’ insights and services into the program as well.

By joining this Program, we will have your website/application tested by ethical hackers, research the external attack surface of your business before somebody else does, have feedback on your incident response processes, get insights from a cybersecurity assessor at a large organization tasked with third-party vendor security, you will experience the stress of a cyber incident during a simulated data breach role-play game, etc.

On top, we believe that CyberSecurity isn’t a competitive advantage. If one Fintech gets hacked and data is breached, overall trust in the Fintech ecosystem decreases. Combating cybercrime and safeguarding customer information is a shared responsibility, so during the program we will facilitate you to network with the CyberSecurity community and security experts of other Fintechs, so that you can establish long-lasting relationships that will hopefully enable CyberSecurity collaboration and information exchange between your companies.

 

For Whom?

For technical founders, CTO’s, chiefs of software development, software architects, senior developers, security officers, data protection officers... working at digital companies active in the FINTECH, REGTECH or INSURTECH. We welcome all companies ranging from early stage startup to scaleup.

The program includes access for THREE people of your company to attend.

 

Why This Program?

The speed of digital transformation forces large enterprises to increasingly make use of smaller software-based tech companies in order to keep up with the pace of their competition. Meanwhile, data breaches continue to dominate the headlines. A worrying observation is that cyber criminals are targeting large enterprises more and more by targeting their suppliers, leading to a steep increase in third-party vendor data breaches.

As a result, large enterprises are increasing the time and energy they are spending on making sure their suppliers have implemented the highest security standards through recurring cybersecurity risk assessments and by using lengthy questionnaires. After all, there is a lot at stake; if consumer data is breached, the enterprises remain responsible. Most large enterprises have a rigid approach to procurement and third-party vendor risk management, and they often try to transfer their risks to their suppliers. In reality, however, most of the often-smaller suppliers don’t have sufficient financial backing to survive in case their end customers’ data would be breached.

You’re not done with CyberSecurity just by assigning the role of “Security Officer” to someone in your team and buying a few tools. Approaches to innovation such as “design thinking” and “minimum viable product” are great, but should never be a reason to “add security much later”. Security should be embedded in the DNA of every software company from day one. The cost of implementing an adequate security program increases exponentially the longer you wait down the product development roadmap.

Included in this program, you will:

  • Learn the basics (and shortcuts) needed to run an effective Information Security Management Program, and significantly increase the Cyber Resilience of your startup

  • Get 1:1 feedback on your third-party security assessment response, and learn how to fill in the lengthy questionnaires that large organizations send to you prior to a collaboration

  • Get an individual sweep (by Sweepatic) of your publicly visible on-line assets

  • Get a penetration test of your site & app (2 days analyst)

  • Get 1:1 help to develop an individual Security Policy for your company

  • Get 1:1 help to develop an individual Incident Response Plan for your company

  • Get 1:1 advice on your current software security architecture

  • Get 1:1 advice on your cloud security architecture

  • Get access to additional computer learning on Secure Coding for your whole team

  • Have the opportunity to network with our B-Hive partners, interesting European organizations and agencies for trade and investment

  • Receive the valuable “B-Hive Trusted Fintech” label

 

WHAT OUR PARTNERS ARE SAYING

Our customers expect banking solutions that are easy and safe to use. We do this by applying high standards in the areas of quality, reliability, security, and the protection of data and privacy – both for internally developed solutions, as well as for those that are built with partners. For that reason, we welcome B-Hive’s TrustedFintech Program. It will raise awareness among FinTechs, and enable them to design solutions that integrate security and privacy requirements from the start
— Jan De Blauwe, Head of Global Security at BNP Paribas Fortis
The result of Digital transformation and Open Banking is that our risk landscape is more and more including external solutions that we don’t operate and protect ourselves. We see that with smaller startups and scaleups there is often a gap between their notion of CyberSecurity and the level of protection we require them to have. That is why we are so supportive of the B-Hive Trusted Fintech program, as it really aims to immerse the staff of those companies, from the developers to the founders, in the world of Information Protection. Organizations joining this program give us an important signal of how much they value the safeguarding of information, ultimately protecting brand and reputation.
— Jan Nys, General Manager Information Risk and Infrastructure Architecture of KBC Group
It is a misconception that fintechs and banks are opponents. Banks need fintechs for their digitisation projects and fintechs need to leverage the expertise of banks to deliver on their selling proposition. However, lack of visibility about cyber risk management capacity and strict rules, including in the area of outsourcing, are often a stumbling block to smooth cooperation between fintechs and banks. With this label, we offer a solution to this problem. A quality label will help fintechs and banks to work together more quickly. This is a unique initiative in Europe that has Febelfin’s full support.
— Karel Van Eetvelt, CEO of Febelfin
 

AS SEEN IN

 

Practical Info: Price, Dates and What is included?

The cost for a company to join the residential edition of this program is as follows:

FULL PRICE: € 12.650,- per company

  • All prices VAT not included (European companies not located in Belgium will not be charged VAT provided they have a European VAT number)

  • Member of B-HIVE or selected Fintech HUBS: € 500,- discount

  • 2 people instead of 3: € 250,- discount

  • 1 person instead of 3: € 500,- discount

  • Example:

    • If you are a member of a connected Fintech hub and join the program with 2 people you’ll pay € 11.900,- excl. VAT

    • Add train or flights, bed and breakfast

  • Funding tips: check with your government if you can apply to local subsidies. Also talk to your investor, they might want to fund this effort as well.

INCLUDED:

  • 5 days packed with learning, immediately usable tools and techniques, networking and fun

  • All the 1:1 advice and services as described above, such as the Penetration Test, the Sweep, TPSA feedback, Security Policy, Incident Response Plan, Security Architecture feedback, etc.

  • THREE (3) people of your company to join 1 full week of training sessions

  • A cool personalized bag with all your training material

  • Welcome drinks on Sunday evening

  • Lunch and coffee breaks on Monday, Tuesday, Wednesday, Thursday, Friday

  • Dinners on Monday, Tuesday, Wednesday and Thursday

NOT INCLUDED:

  • Hotel costs (there is a wide variety nearby in all price categories)

  • Breakfast (please book bed & breakfast or have a breakfast in one of the nearby facilities or coffee shops)

  • Personal expenses and alcoholic beverages

  • Travel cost (airline etc.)

LOCATION:

A 4* Hotel in the center of Brussels, Carrefour de l'Europe, 1 minute from Grand Place, next to the underground train station “Brussels Central”.

This is a RESIDENTIAL program for INTERNATIONAL FINTECH, REGTECH and INSURTECH startups.

 

what’s on the agenda?:

This is a preview of what you might expect if you sign up for our program (Timing might differ)!

  • Day 1

    • Arrive in Brussels - Free Time

    • 20:00 Welcoming Drink for Those Who Have Already Arrived

  • Day 2

    • 08:00 - 10:00 : Welcome, Practicalities & Registration

    • 10:00 : Formal Start of the Program

    • 10:00 - 19:00 : Sessions

    • 20:00 : Dinner

  • Day 3

    • 09:00 - 19:00 : Sessions

    • 20:00 : Guided Tour and Food Tasting Experience in Brussels

  • Day 4

    • 09:00 - 18:00 : Sessions

    • 19:00 : Networking Event with B-Hive Partners & Members including Walking Dinner

  • Day 5

    • 09:00 - 19:00 : Sessions

    • 20:00 : Dinner

  • Day 6

    • 09:00 - 12:00 : Sessions

    • 12:00 : Lunch and Formal End of the Program

    • Afternoon: Fly or Drive Back Home

 

Detailed program

CyberSecurity Fundamentals

  • CyberSecurity Concepts

  • Architecture principles

  • Security of networks, systems, applications and data

  • Typical CyberSecurity “maturity steps” taken by digital startups

Secure Technology

  • Application Security

  • Secure Coding

  • Web Security

  • Cloud Security

  • Mobile Security

  • Security Architecture

Regulation and Certification

  • NIS Directive, GDPR, eIDAS, ePrivacy, CyberSecurity Act, financial regulations

  • Frameworks

  • NIST, ISO

  • BoK and certificates

Incident and Data Breach Management

  • Breach handling requirements

  • Frameworks and standards

  • Practical issues

  • Examples

  • Data Breach Simulation Game

360° Third-Party Vendor Risk

  • Common practices and frameworks used by sourcing departments

  • What an assessor looks for

  • Three lines of defense in a sourcing environment

 

ADDITIONAL CONTENT BROUGHT BY OUR COMMUNITY PARTNERS

 

Sorry, registrations are closed but if you want more information, leave your details below

http://
Name *
Name
Plan de travail 1DFE.jpg