The International Organization of Securities Commissions (IOSCO) and the Committee on Payments and Market Infrastructures (CPMI) released guidance on cyber resilience for financial market infrastructures (FMIs), which they say represents the first-ever edition of internationally agreed guidance for the financial sector.
The guidance calls on firms to develop good-quality threat intelligence, to undertake rigorous testing, and to try and instil a culture of cyber risk awareness throughout their organizations. It also stresses that the ability to resume operations quickly after a successful cyber attack is “paramount.”
The new guidance is being launched “against the backdrop of a rising number of cyber attacks against the financial services sector,” the regulators note, adding that these attacks are also becoming increasingly sophisticated.
“This is a landmark report for the financial industry. FMIs have come to the fore as financial sector hubs at a time when cyber resilience is a key priority for the financial industry. This is indeed a timely document, and FMIs should take action immediately to implement its recommendations,” says Benoît Coeuré, chairman of the CPMI, in a statement.
The guidance aims to “add momentum” to the industry’s efforts to enhance the ability of financial market infrastructure firms to deal with cyber attacks by averting them as much as possible, responding rapidly to attacks that do happen, and recovering from successful attacks, the regulators say. It also seeks to develop similar levels of resilience from one country to another.
“Implementation of the guidance represents an important step in strengthening the cyber resilience of FMIs and the ecosystem within which they operate,” says Ashley Alder, chairman of IOSCO, in a statement.