The Financial Stability Board (FSB), an international body that monitors and makes recommendations about the global financial system, has published a report with recommendations to achieve greater convergence in cyber incident reporting.
Cyber incidents are rapidly growing in frequency and sophistication. The interconnectedness of the global financial system makes it possible that a cyber incident at one financial institution (or an incident at one of its third-party service providers) could have spill-over effects across borders and sectors. In many jurisdictions, financial authorities have introduced cyber incident reporting requirements for financial institutions, which are crucial for effective policy response and promoting financial stability. Over the last decade, however, meaningful differences have emerged, and continue to emerge, in the requirements and practices associated with cyber incident reporting.
Recognising that timely and accurate information on cyber incidents is crucial for effective incident response and recovery and promoting financial stability, the G20 asked the FSB to deliver a report on achieving greater convergence in cyber incident reporting.
To meet this call, the FSB conducted work to promote greater convergence in cyber incident reporting. The new report, Recommendations to Achieve Greater Convergence in Cyber Incident Reporting: Final Report, is the result.
The report identifies commonalities in cyber incident reporting frameworks and details practical issues associated with the collection of cyber incident information from financial institutions and the onward sharing between financial authorities. These practical issues include:
- Operational challenges arising from the process of reporting to multiple authorities;
- Setting appropriate and consistent qualitative and quantitative criteria/thresholds for reporting;
- Establishing an appropriate culture to report incidents in a timely manner;
- Inconsistent definitions and taxonomy related to cyber security;
- Establishing a secure mechanism to communicate on cyber incidents; and
- Legal or confidentiality constraints in sharing information with authorities across borders and sectors.
This report sets out 16 recommendations to address these issues with a view to promoting best practices in cyber incident reporting.
