Front page of the report

Become cyber-resilient

The FMA report Cyber-resilience in financial services clearly explains what the FMA expects all directors, senior managers and owners of financial services businesses to be doing regarding cyber-resilience. Some snippets:

  • The incidence and cost of successful cybercrime-related attacks continues to grow.
  • All firms should make use of the services provide by CERT NZ, which monitors cyber-incidents and provides adviser and alerts, and New Zealand’s National Cyber Security Centre (NCSC), which helps organisations protect their systems from cyber threats.
  • Market participants should include assessment of cyber-risk- both for their own firm and on a broader global level- as part of their wider risk-assessment and management programme.
  • Use a recognised cybersecurity framework to assist with planning, prioritising and managing cyber-resilience.
  • Have an appropriate balance between protection and detection measures- avoiding over-reliance on protection measures alone.
  • All market participants must have at a minimum, basic response and recovery plans in place.
  • Firm’s governance arrangements must include board and/or senior management ownership and visibility of the cyber-resilience framework.
  • All licensed firms should treat the risk of cyber-attack as real and plan accordingly.
  • Firms should subscribe to CERT’s free security advisories via email or follow their alerts on Twitter.

Radar (your online education platform) also has a CPD module relating to the FMA report. This enables you to read the report PLUS earn CPD hours - all in one easy location. Also check out our other Radar module, An adviser’s guide to cyber security to obtain additional CPD hours on this topic.