From a cybersecurity risk governance perspective, the FSC will expect as a minimum from the Management Companies the following: understanding of the cyber risks, vulnerabilities and impact associated in running their businesses, with supporting documentation; putting into place appropriate policies and procedures duly approved by the board to mitigate the risks; carrying out an annual […]

Protecting your IT system and the information it holds is essential. An IT systems failure, cyberattack or data loss can be catastrophic for your business. As well as installing security software, you need to look at physical security and the way you manage your IT systems. An effective backup routine is vital. The threats Computer […]

September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized […]

Following an earlier consultation the International Association of Insurance Supervisors (IAIS) has published an issues paper on cyber risk to the insurance sector. The objectives of the paper are to raise awareness for insurers and supervisors of the challenges presented by cyber risk, including current and contemplated supervisory approaches for addressing these risks. As an […]

On 17 May 2016, TheCityUK published a report on how to make the UK financial and professional services sector more resilient to cyber attack. The report seeks to build on the work already done by the UK government and includes recommendations for practical steps financial firms can take individually, and collectively, to improve their cyber […]

On 10 May 2016, the Bank of England (BoE) published a speech given by Will Brandon, BoE Chief Information Security Officer, on the approach financial institutions should take to managing cyber-risk. Mr Brandon argues that cyber-risk can be managed like anything else that can damage a firm’s business, by understanding it and balancing investment in […]