The Hong Kong Monetary Authority (HKMA) has issued a circular to provide general guidance on proper cyber security risk management for authorised institutions in Hong Kong. A copy of the HKMA’s circular is available here.

The circular says that the Board and senior management of an authorised institution are expected to play a proactive role in ensuring effective cyber security risk management in their institution, including in the following areas:

  • Risk ownership and management accountability
  • Periodic evaluations and monitoring of cyber security controls: Board and Senior Management must lead
  • Industry collaboration, contingency planning, and incident response
  • Regular independent assessment and tests