The Central Bank of Ireland (Bhainc Ceannais na hÉireann) has published guidance on IT risk management and cyber security for financial services firms and warned that cyber risks are now a key concern.
Incidents of business interruption caused by cyber attacks are increasing, and firms should assume they will be successfully targeted, says the Central Bank. The security and resilience of IT systems, and their governance and management, must improve to reflect this reality.
The Central Bank expects boards and senior management of regulated firms to:
- Fully recognise their responsibilities for cyber risk issues and put them among their top priorities.
- Robustly address key issues such as alignment of IT and business strategy, outsourcing risk, change management, cybersecurity, incident response, disaster recovery and business continuity. Firms need to make sure that they understand these risks and that they are managed effectively.
The new guidance, ‘Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks’, sets out the Central Bank's expectations of firms in the above areas.
Director of Policy & Risk, Gerry Cross, said:
“Developments in technology have fundamentally changed business processes and models in financial firms. These advancements have resulted in benefits for firms and their customers. However, they also bring significant risks as firms become increasingly interconnected and more reliant on complex IT systems, including outsourcing service providers.
“The Central Bank is demanding increased effectiveness in this area. We are undertaking considerable work to require improved IT risk management and cyber resilience across regulated firms. This includes enhanced supervisory capabilities and increased focus on these risk areas.”
Read the guidance document (PDF).