The Central Bank has warned that it expects cybersecurity governance, IT security and risk management systems to be top-priority items for boards and senior management.
In a guidance note published on 13 September 2016, the Central Bank highlighted the need for increased efforts to address the risks associated with cybersecurity. The Central Bank acknowledges that IT is a core enabler of business, with most, if not all, of the critical business functions supported by IT systems. It is calling on firms to properly develop and document a board-approved IT strategy that is comprehensively aligned with their overall business strategy.
The guidance identifies inadequate data classification policies, deficiencies in governance of IT-related outsourcing and shortcomings in relation to IT risk assessments as some of the key issues to be addressed by firms.
The Central Bank expects that board members and senior management possess “sufficient knowledge” and understanding of IT-related risks and highlights that “sufficient resources” will need to be allocated to execute the business-aligned IT strategy, including an adequate IT budget, staff levels and relevant expertise.