Good afternoon, and thank you for the opportunity to be here today.
First, I want to praise the committee for launching this study. Cybersecurity is one of the greatest challenges governments and businesses are facing at the present time, with serious implications for national security, financial stability and consumer protection.
I also want to congratulate the Government of Canada for launching its national cybersecurity strategy and establishing the Canadian Centre for Cyber Security. I had the opportunity to meet with the leadership of the centre today, and we at Mastercard look forward to supporting their work however we can.
Cybersecurity is a top global priority for Mastercard. Safety and security are foundational principles for every part of our business and the innovative technology platforms and services we enable. We know that secure products and services are essential to the trust our customers, cardholders, merchants and other partners place in us. Let me contextualize this.
As you probably know, Mastercard does not issue credit cards or have a direct relationship with consumers. That is the purview of the banks that issue our cards.
Mastercard is a technology company. We provide the network that allows consumers to use their Mastercard virtually anywhere in the world, in more than 210 countries and territories, and have those transactions processed in seconds, connecting 2.5 billion cardholders with tens of millions of merchants.
For us to provide value to banks, merchants and consumers who use our network, we must provide safety and security. We cannot afford to have any interruptions in the operations of our network.
We are also investing in innovation: enhancing our capabilities in-house; acquiring cutting-edge technology companies; and nurturing our Start Path group of curated start-ups, including five in Canada, connecting with our issuing partners to grow their business. Just last month, Mastercard entered into an agreement to acquire Toronto-based Ethoca, a fraud solution powered by collaboration between banks and merchants.
At a very high level, that's what we're doing. Please let me now turn to our advice for government, which falls into six main areas.
First, in a networked, interconnected digital world, we need cybersecurity solutions tailored to small and medium-sized businesses. Cybercriminals will seek out the weakest point in the system to launch an attack. Therefore, we need to provide a framework for small businesses to protect their operations. Mastercard is playing a leading role in defending SMEs as we stand up our Cyber Readiness Institute, which emphasizes the practical application of tools for small and medium-sized businesses. The institute also facilitates the workforce development needed to implement these cybersecurity risk management tools.
In addition, keeping with this focus, in February, Mastercard and the Global Cyber Alliance released a new cybersecurity tool kit specifically designed for SMEs. This is a free online resource available worldwide. It offers actionable guidance and tools with clear direction to combat the increasing volume of cyber-attacks. There are operational tools, how-to materials and recognized best practices, all with an action focus. This tool kit will be updated regularly.
Second, global companies frequently confront an expanding and overlapping set of cybersecurity regulations in different jurisdictions. Those need to be harmonized using a baseline framework. We understand good trilateral progress was made here in the context of the NAFTA renegotiation, developing a common framework to align and manage cybersecurity risks, which is encouraging.
Third, there is a need to improve identity management and authentication as more devices are connected online. We need a robust identity ecosystem to enable easier and more secure digital interactions and transactions that safeguard the privacy of our cardholders.
Fourth, with the Internet of things there will soon be 30 billion connected devices. This creates enormous opportunities for the digital economy, but it also increases cyber-risk. Therefore, governments and the private sector should develop standards to improve the interoperability and cyber-threat detection and prevention while removing friction from commerce.
Fifth, as cyber-threats grow, governments and the private sector face a shortage of employees with cybersecurity skills. The world needs to start training the next generation of cybersecurity experts, and government has a role to play. If you have kids or grandkids, get them hooked on cybersecurity and they can make a lot of money in their lifetime, because right now the needs are there but the qualified security personnel are not.
Finally, collaboration, information-sharing and bringing all stakeholders to the table are required to fight cybercrime. President Obama commissioned an expert task force on cybersecurity on which our CEO sat. The task force issued a series of recommendations. The CRI, which I mentioned earlier, is a direct offshoot of the task force's emphasis on securing SMEs.
I believe this issue is so fundamental to the future of our economy and society that it needs attention from leadership at the highest levels. Mastercard is ready to lend its expertise to the Government of Canada in much the same way.
I could talk for hours on the subject but I will stop here and happily take questions on the areas that are of most interest to you. I have tried to provide a snapshot of what we are doing and what we think governments should be doing.
Thank you again to the committee for having me here, and I look forward to your questions.