Cyber-resilience in FMA-regulated financial services

On 11 July 2019, the Financial Markets Authority (FMA) released a report on their review of cyber-resilience in New Zealand financial services.

The report summarises the findings and provides guidance for firms where the need for improvement has been identified. The FMA has encouraged sector participants to comply with its expectations and best practice.

“Cyber-risk encompasses all risk of loss, disruption, or damage to a firm caused by failure in its information technology systems – from both internal and external threats. The interconnectedness of the financial sector means any part of it might be an entry point for a wider cyber-incident.”

The report goes on to recommend that all market participants should assess cyber-risk as part of their wider risk-assessment and management programme.

“We also strongly encourage all market participants to use a recognised cybersecurity framework to assist with planning, prioritising and managing their cyber-resilience. The National Institute of Standards and Technology (NIST) cybersecurity framework core, for example, enables firms to assess maturity across five functions: Identify, Protect, Detect, Respond, and Recover.”

Read the report here:

https://www.fma.govt.nz/compliance/guidance-library/cyber-resilience-in-fma-regulated-financial-services/