The FMA report Cyber-resilience in financial services clearly explains what the FMA expects all directors, senior managers and owners of financial services businesses to be doing regarding cyber-resilience. Some snippets:
- The incidence and cost of successful cybercrime-related attacks continue to grow.
- All firms should make use of the services provided by CERT NZ, which monitors cyber-incidents and provides advice and alerts, and New Zealand’s National Cyber Security Centre (NCSC), which helps organisations protect their systems from cyber threats.
- Market participants should include assessment of cyber-risk - both for their own firm and on a broader global level - as part of their wider risk-assessment and management programme.
- Use a recognised cybersecurity framework to assist with planning, prioritising and managing cyber-resilience.
- Have an appropriate balance between protection and detection measures - avoiding over-reliance on protection measures alone.
- All market participants must have, at a minimum, basic response and recovery plans in place.
- Firms’ governance arrangements must include board and/or senior management ownership and visibility of the cyber-resilience framework.
- All licensed firms should treat the risk of cyber-attack as real and plan accordingly.
- Firms should subscribe to CERT’s free security advisories via email or follow their alerts on Twitter.
Radar (your online education platform) also has a CPD module relating to the FMA report. This enables you to read the report PLUS earn CPD hours - all in one easy location. Also check out our other Radar module, An adviser’s guide to cyber security, to obtain additional CPD hours on this topic.