A conversation with Peter Hofmann, Custodigit
A conversation with Peter Hofmann, CEO of Custodigit
In the context of PwC’s 2020 Global Risk Study, we interviewed Peter Hofmann, CEO of Custodigit. During the conversation with Maria Sommerhalder, Blockchain Competence Centre at PwC, he explained his perception of cyber risks and how customers and risk experts are dealing with them.
How does Custodigit use data to identify and manage risks?
We don’t need all the available data, instead we take a closer look at some of them. We distinguish between cyber risks and product risks. With the former, Swisscom offers us excellent support. They let us know whether Custodigit data are purchased. They’ve also built scanners in the dark web, so-called honeypots, which search whether we appear somewhere on the net. On the product side, we monitor chains to see whether these are under attack.
Are artificial intelligence and machine learning a hot topic in risk management?
Yes, very much. Especially on the product side, our aim is to use machine learning to identify scams. Customers want to know that their product is better protected against fraud. But we’ve only just started out on our journey to integrate these new technologies.
What is the biggest hurdle preventing the use of new technologies at Custodigit?
Capacities and capital. We don’t have any serious concerns about not being able to find experts. Fortunately, we have enough machine learning experts in our wider environment.
“You know you work with the right experts internally when they have the ideal mindset to assess risks. You need a healthy level of paranoia.”
How are risk experts involved in decisions about investing in data and technology?
At our company, everyone’s involved. This is the advantage when a company only has six employees.
Is there an area in which your company is making significant changes, such as organising procedures or entering new markets?
We’re currently in the process of implementing the first business plan. Over the next couple of years, we’ll focus on stabilising the organisation as well as setting up and implementing processes accordingly.
When did your security experts face big challenges for the first time?
When the cyber attacks increased. We’re under quite heavy fire. Even our office environment, which is strictly decoupled from our product environment, is permanently being attacked. Therefore, we’re in regular contact with the security experts at Swisscom.
As a pioneer of new technologies, how do you know that you are correctly assessing risks and are taking appropriate action against them?
On the one hand we’ve got internal experience, and on the other hand we draw on expert knowledge from our ecosystem. We conducted intensive reviews when we designed the platform architecture. Hence, we involved a core developer from the bitcoin network.
How do you know that you have the right experts internally?
You know you work with the right experts internally when they have the ideal mindset to assess risks. You need a healthy level of paranoia. We also look at how long someone’s been active in the market, how much time they’ve had to gain experience and if they can demonstrate a certain learning curve.
“Customers who acquire crypto assets for the first time are initially euphoric, but then they become overanxious. Finally, the customers realise that the risks are manageable.”
How does the risk profile of your customers change when they acquire crypto assets for the first time and outsource to your company the safekeeping of those assets or the private keys?
Many of them know very little at the start and have limited awareness of the risk positions. Therefore, quite lengthy training is required until they’re able to identify and assess risks. It also takes a long time for them to understand how to be able to address these risks. Initially our customers are very euphoric, then they become overanxious. Finally, the customers realise that the risks are manageable.
How do customers respond to the risk changes? Do they need new tools or more employees?
New tools are required for these risks, such as chain analysis tools. The employees also need to have a new mindset. So, ultimately, it’s not a question of resources, but more a matter of training.
How will blockchain technology change the work of risk experts in the next three to five years?
We tend to overestimate the short-term impacts and underestimate the long-term ones. I don’t expect the risk landscape to change completely. But I believe that the risks experts will be faced with entirely new challenges in their work. In three years’ time, they’ll become more important but will no longer be the main focal point. In five years’ time, I hope that this will account for a substantial part of the work. The cyber risks themselves won’t change entirely, either. But blockchain will stand for total and transparent traceability.
How will the collaboration between risk experts and their use of data and technologies develop in the future?
We expect there to be a certain change, especially in the finance industry. We need to get familiar with the topic as quickly as possible in order to build up a realistic assessment and identify that there are indeed new risks but that they can be managed.
