Cyber resilience continues to be a top priority for the financial services industry and a key area of attention for financial authorities. This is not surprising given that cyber incidents pose a significant threat to the stability of the financial system and the global economy. The financial system performs a number of key activities that support the real economy (eg deposit taking, lending, payments and settlement services). Cyber incidents can disrupt the information and communication technologies that support these activities and can lead to the misuse and abuse of data that such technologies process or store. This is complicated by the fact that the cyber threat landscape keeps evolving and becoming more complex amid continuous digitalisation, increased third-party dependencies and geopolitical tensions. Moreover, the cost of cyber incidents has continuously and significantly increased over the years.
This paper revisits cyber regulations in jurisdictions covered in a previous paper, as well as examining those issued in other jurisdictions. The paper finds that many jurisdictions, including in emerging market and developing economies, have introduced or enhanced bank cyber regulations in the past few years. This highlights that cyber security is a top priority for bank supervisory authorities worldwide. Moreover, cyber regulations have evolved and recent ones could be described as "second-generation". These newer regulations have a more embedded "assume breach" mentality and hence are more aligned with operational resilience concepts. As such, they focus on improving cyber resilience and providing banks and supervisors with specific tools to achieve this. Work by standard-setting bodies and the G7 has been instrumental in achieving convergence in cyber regulations, but there may be scope to seek further convergence in testing the effectiveness of cyber resilience measures and third-party cyber risk management.