Cyber risk has been high on the agenda of financial services regulators for some time now. In the UK, the FCA specifically addressed its concerns in its 2015/2016 Business Plan, and it has an ongoing programme of work which includes working with the PRA and Bank of England on visibility of IT resilience and risks at board level, and with Treasury and regulatory partners on addressing cyber risk. It therefore comes as no surprise that the finance ministers and central bank governors of the G-7 countries have considered cyber risk at an international level and that, on 11th October 2016, the G-7 Fundamental Elements of Cybersecurity for the Financial Sector was published.

The document sets out eight high-level, non-binding “fundamental elements” of cybersecurity for public and private entities in the financial sector. The fundamental elements are meant to be building blocks for strong network security.

The elements include the establishment and maintenance of a cybersecurity strategy and framework tailored to specific cyber risks, based on industry standards and guidelines. The report states that:

“As part of their risk and control assessments, entities should implement incident response policies and other controls to facilitate effective incident response.”

Particular emphasis is also given to governance and the need for access to, and oversight by, senior management at board level. The fundamental elements have been endorsed by the U.S. Department of the Treasury and the Board of Governors of the Federal Reserve System.

Whilst the G-7 Fundamental Elements document is aimed at the financial sector, its recommendations apply equally to entities in other industry sectors. It also reflects the advice that Hogan Lovells’ Privacy and Cybersecurity group has been giving to clients. Hogan Lovells has created the Ready, Set, Respond resource portal. Designed to address the needs that we hear from our clients every day, the portal allows you to:

  • Use our interactive diagnostic tool to assess your incident response plan (IRP)
  • Access practical and readable summaries of cybersecurity regulation in key regions and countries
  • Download a checklist of items to address when building your IRP
  • Learn more about Hogan Lovells’ team and capabilities
  • Explore topical webinars we’ve hosted recently