Central Bank of Ireland clarifies expectations of firms in relation to cyber risks

Maria Nikolova

Deputy Governor, Prudential Regulation, Ed Sibley highlights the need for firms to build resilience and to be able to recover from technology-related risks.

Cybersecurity matters remain high on the agenda of financial regulators across the globe. This was highlighted earlier today in a speech delivered by Ed Sibley – Deputy Governor, Prudential Regulation, at the Central Bank of Ireland. Mr Sibley spoke about the need for financial firms to build resilience into their systems to meet the challenges that technological innovation and competition pose.

Mr Sibley reminded that, in 2016, the Central Bank issued the Cross Industry Guidance in respect of IT and Cybersecurity Risks, which outlined the minimum expectations of firms in relation to these risks. He stressed that much more needs to be done to meet these expectations.

“Cyber-security needs to become part of the culture of an organisation and an integral part of the organisation’s risk management, crisis management, and business continuity planning”, Mr Sibley said.

Senior management and boards of financial services firms need to control these critical risks and build resilience in their firms to be able to endure and survive operational or technology-related shocks, be they systems failures, change processes gone wrong, or a data breach.

The Central Bank has seen a lot of progress in the area of IT risk management and resilience, but there is huge amount of work still to be done. Almost three quarters of the central bank’s findings from on-site inspections relate to four key areas: IT risk management, IT security, IT outsourcing, and IT continuity management. Thus, firms can expect to see a continued focus by the Central Bank on these fundamentals and on firms’ resilience capabilities.

Mr Sibley noted that management of financial services providers has to assume responsibility with regard to the adequate tackling of cyber threats. According to him, the overall responsibility for resilience rests with the board and senior management. However, the central bank has found failings of boards and senior management to understand and appreciate the significance of the IT and operational risks their firms face.

“We have seen evidence of risks and messages being diluted as they are filtered up through the organisation such that they are so high-level once they get to senior levels that they lose their meaning or impact”, Mr Sibley said.

Mr Sibley said he expects boards to:

  • understand how disruptions of key business services could impact their customers and their value chain;
  • ensure operational and cyber resilience strategies are fit for purpose;
  • and oversee risk tolerances and appetite metrics to track, measure and trigger a response to disruptive events.

In addition, he expects that boards ensure that their firms have the resilience to withstand future shocks, absorb the impacts of the shock and communicate effectively to stakeholders throughout, and to ultimately recover from the incident and use the learnings to further improve their future resilience.

  • Read this next

    Fintech

    Nubank makes impressive turnaround, posting $1 billion profit in 2023

    Brazil’s Nubank has made a remarkable turnaround, swinging from a net loss in 2022 to a $1 billion net profit in 2023. The digital bank’s revenues have soared past $8 billion, marking a major milestone in its financial performance.

    Retail FX

    Spanish watchdog warns of UP MARKETS, BITBINX

    The Comision Nacional del Mercado de Valores (CNMV), the financial regulatory body of Spain, announced in a statement that it has added to its warning list new website that are illegally offering financial services to Spanish citizens.

    Digital Assets

    MicroStrategy buys 3,000 more bitcoins, suffers phishing attack

    MicroStrategy, the largest corporate investor in bitcoin, has expanded its cryptocurrency portfolio by buying an additional 3,000 bitcoins for $155 million.

    Crypto Insider

    Saudi Launches World’s First Cultural Metaverse

    The Saudi Ministry of Culture, droppGroup, and Oracle have joined forces to launch the Cultural Universe, the world’s first government-operated national Metaverse initiative.

    Retail FX

    eToro revives IPO plans after failed $10B SPAC merger

    Israeli social trading network eToro is actively exploring options for a public market listing, according to CEO Yoni Assia in an exclusive interview with CNBC.

    Digital Assets

    Meme Coin Communities Gear Up for the CoinMarketCap Crypto Awards

    CoinMarketCap’s Crypto Awards 2024, the first edition of a new annual event, is captivating the global crypto community. This is especially true for the Meme Coin Of The Year category, where voting has become a battleground for the most passionate and vibrant communities in the crypto space.

    Digital Assets

    Sui Recognized as 2024 Blockchain Solution of the Year at AIBC Eurasia Awards

    The Layer-1 Received the Top Honor at the Eurasia Awards While Experiencing a Period of Unprecedented Growth and Recognition

    Crypto Insider

    Vitalik Buterin, Sandeep Nailwal Lead Decentralized AGI Summit, Address Centralized AI Risks at ETHDenver

    Sentient and Symbolic Capital’s Decentralized AGI Summit will feature leading Decentralized AI authorities like Vitalik Buterin and Sandeep Nailwal.

    Digital Assets

    Aethir Unveils Its First Decentralized AI Node Sale

    Aethir, a leader in decentralized GPU cloud infrastructure, has announced its highly anticipated Node Sale.

    <