On June 29, the Committee on Payments and Market Infrastructures and the International Organization of Securities Commissions released a set of guidelines for strengthening cybersecurity at exchanges and other financial market infrastructures. The CPMI-IOSCO report is the first internationally agreed guidance on cybersecurity for the financial industry.
The guidance is intended to add momentum to the industry’s ongoing efforts to enhance financial market infrastructures’ ability to pre-empt cyber-attacks, respond rapidly and effectively to attacks and achieve faster and safer recovery objectives if the attacks succeed.
The report outlines key elements that cybersecurity frameworks should include:
- Involvement of board and senior management in cyber resilience strategies
- The ability to resume operations quickly after a cyber-attack
- Effective use of good-quality threat intelligence and rigorous testing
- Instilling a culture of cyber risk awareness and ongoing re-evaluation and improvement of systems at every level within an organization.
- Cyber resilience is a "collective endeavor" of the whole financial ecosystem rather than a single organization.