"This is a landmark report for the financial industry. FMIs have come to the fore as financial sector hubs at a time when cyber resilience is a key priority for the financial industry. This is indeed a timely document, and FMIs should take action immediately to implement its recommendations," said Benoît Cœuré, Chairman of the Committee on Payments and Market Infrastructures (CPMI).
The aim of the Cyber Guidance is to add momentum to the industry's ongoing efforts to enhance financial market infrastructures' (FMIs') ability to pre-empt cyber attacks, respond rapidly and effectively to them, and achieve faster and safer target recovery objectives if the attacks succeed. Another goal is to ensure that these efforts to build resilience are similar from one country to another. Thus, the Cyber Guidance provides authorities with a set of internationally agreed guidelines to support consistent and effective oversight and supervision of FMIs in the area of cyber risk.
Ashley Alder, Chairman of the International Organization of Securities Commissions (IOSCO), said: "Implementation of the guidance represents an important step in strengthening the cyber resilience of FMIs and the ecosystem within which they operate."
The safe and efficient operation of FMIs is essential to maintaining and promoting financial stability and economic growth. If not properly managed, FMIs can be a source of financial shocks, such as liquidity dislocations and credit losses, or a major channel through which these shocks are transmitted across domestic and international financial markets. In this context, the level of cyber resilience, which contributes to an FMI's operational resilience, can be a decisive factor in the overall resilience of the financial system and the broader economy.
Key concepts built into the Cyber Guidance include the following:
- Sound cyber governance is key. Board and senior management attention is critical to a successful cyber resilience strategy.
- The ability to resume operations quickly and safely after a successful cyber attack is paramount.
- FMIs should make use of good-quality threat intelligence and rigorous testing.
- FMIs should aim to instil a culture of cyber risk awareness and demonstrate ongoing re-evaluation and improvement of their cyber resilience at every level within the organisation.
- Cyber resilience cannot be achieved by an FMI alone; it is a collective endeavour of the whole "ecosystem".
© BIS - Bank for International Settlements