IT disaster recovery, cloud computing and information security news

CPMI and IOSCO release cyber resilience guidance for financial market infrastructures

Details

The Committee on Payments and Market Infrastructures (CPMI) and the Board of the International Organization of Securities Commissions (IOSCO) have published a new document, ‘Guidance on cyber resilience for financial market infrastructures’. This is the first internationally agreed guidance on cyber security for the financial industry. It has been developed against the backdrop of a rising number of cyber-attacks against the financial sector and in a context where attacks are becoming increasingly sophisticated.

“This is a landmark report for the financial industry. Financial market infrastructures [FMIs] have come to the fore as financial sector hubs at a time when cyber resilience is a key priority for the financial industry. This is indeed a timely document, and FMIs should take action immediately to implement its recommendations,” said Benoît Cœuré, chairman of the CPMI.

The aim of the guidance is to add momentum to the industry’s ongoing efforts to enhance FMIs’ ability to pre-empt cyber-attacks, respond rapidly and effectively to them, and achieve faster and safer target recovery objectives if the attacks succeed. Another goal is to ensure that these efforts to build resilience are similar from one country to another.

Guidance on cyber resilience for financial market infrastructures provides authorities with a set of internationally agreed guidelines to support consistent and effective oversight and supervision of FMIs in the area of cyber risk.

Key concepts built into the guidance include the following:

  • Sound cyber governance is key. Board and senior management attention is critical to a successful cyber resilience strategy.
  • The ability to resume operations quickly and safely after a successful cyber attack is paramount.
  • FMIs should make use of good-quality threat intelligence and rigorous testing.
  • FMIs should aim to instil a culture of cyber risk awareness and demonstrate ongoing re-evaluation and improvement of their cyber resilience at every level within the organisation.
  • Cyber resilience cannot be achieved by an FMI alone; it is a collective endeavour of the whole ‘ecosystem’.
Read the guidance (PDF).


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

Root Cause Analysis
The BIA Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.