Key concepts built into the Cyber Guidance include the following:
Board and senior management attention is critical to a successful cyber resilience strategy.
• The ability to resume operations quickly and safely after a successful cyber attack is paramount.
• FMIs should make use of good-quality threat intelligence and rigorous testing.
• Cyber resilience requires a process of continuous improvements.
• Cyber resilience cannot be achieved by an FMI alone; it is a collective endeavour of the whole “ecosystem”.
The proposed Cyber Guidance sets out the preparations and measures that FMIs should undertake to enhance their cyber resilience capabilities with the aim of limiting the escalating risks that cyber threats pose to individual FMIs and thereby to financial stability. It also provides authorities with a set of internationally agreed guidelines to support consistent and effective oversight and supervision of FMIs in the area of cyber risk.
The Cyber Guidance is primarily intended to create meaningful shifts in the FMI industry towards greater cyber resilience. In this regard, Mr Benoît Coeuré, Chairman of the CPMI, stated: “This is an important report because cyber attacks in the financial sector have the potential to create widespread financial instability. Nobody should assume they will be able to prevent cyber attacks in all circumstances. Therefore, the Cyber Guidance addresses the need for an FMI to resume its operations quickly and safely after an attack has occurred. This is not an easy task and may require innovative thinking that goes beyond the traditional approaches to operational resilience.”
Mr Greg Medcraft, Chairman of IOSCO, added: “The proposed Cyber Guidance is the culmination of extensive collaboration between IOSCO and the CPMI. It reflects an urgency to address the increasing risks that cyber threats pose to FMIs and financial stability, as well as the need for a coordinated approach. At the FMI level too, cyber resilience cannot be achieved by individual institutions alone in our highly interconnected financial sector. The broader ‘ecosystem’ needs to work in unison. The Guidance calls upon the ecosystem to do just that. We hope to collaborate with all stakeholders to meaningfully enhance the cyber resilience of our financial system as we refine these proposals and later implement them.”
Comments on the report should be submitted by Tuesday 23 February 2016.
Full report
© IOSCO
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article