On 13 September, the Central Bank issued a guidance document entitled “Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks”. The Central Bank highlights the role of IT as being at the heart of the supply of financial services. The Central Bank states that firms should assume they will be successfully targeted by hackers based on the increase in incidences of cyber-attack and business interruption.
The Central Bank has outlined in the guidance a number of key issues in this area which firms must robustly address including: alignment of IT and business strategy; outsourcing risk; change management; cybersecurity; incident response; disaster recovery and business continuity. The Central Bank highlights that “sufficient resources” will need to be allocated to improve the security and resilience of IT systems as well as their governance and management. The Central Bank expects Boards and Senior Management of firms to take responsibility for these issues and prioritise them. Given the potential impact of the risks involved the Central Bank will be assessing firms’ knowledge, understanding and effective management of IT-related risks as part of their supervisory engagement.
A link to the guidance document is here.