  • Deborah

Cyber security is the protection of confidentiality, integrity and availability of information and information systems through the application of technologies, processes and controls.


As our society relies increasingly on digital and online services, combined with growth in the Internet of Things (IoT) and work-from-home, the focus on safeguarding cyber security is underscored by multiple reports of cyber threats (e.g. malware, backdoors, cryptojacking, data breaches) and incidents, as well as the related costs.


Common types of cyber security include:

  • Critical infrastructure security (electricity grid, traffic lights, hospitals etc…)

  • IoT security

  • Network Security (new passwords, extra logins…)

  • Cloud security

  • Application security (antivirus, firewalls, encryption)


From a regulatory perspective, authorities worldwide have been taking action to mitigate cyber risks, from providing guidance on prevention and mitigation to identifying best practices for effective response and recovery. Information sharing and reporting are also key elements of overall cyber frameworks.


Multiple IT and cyber risks have been recognised, including risks relating to security, availability and continuity, change, outsourcing, data integrity, internal audit and governance¹. To ensure sound IT and cyber risk management, various guidelines have been developed to reinforce:

(1) strategy and framework

(2) governance and risk management

(3) operations including monitoring and response

(4) change management

(5) third-party provider risk

(6) technology resilience and business continuity including recovery

(7) information sharing


For more cyber-related definitions, refer to the Cyber Lexicon published by the Financial Stability Board (FSB).


Note

¹ https://www.bankingsupervision.europa.eu/banking/srep/2021/html/ssm.srep202107_outcomesrepitriskquestionnaire.en.html#toc1


