DUBAI, The Dubai Financial Services Authority, DFSA, today published a thematic review report on cyber risks which highlights several important opportunities for operational risk management practices of firms operating in the Dubai International Financial Centre, DIFC.
Launched in July 2019 to identify the overall maturity level of cybersecurity programmes of firms authorised by the DFSA, the Cyber Thematic Review assessed cyber-risk governance frameworks, cyber-hygiene practices, and resilience (incident preparedness) programmes.
The review was undertaken in two phases, with the first phase consisting of a questionnaire seeking high-level information on each authorised firm’s cybersecurity practices, and the second phase consisting of desk-based reviews and onsite visits to selected firms representing a range of business models and financial services activities.
The review found that a significant number of firms had either not implemented a comprehensive cyber risk management framework or performed only a limited cyber risk assessment.
Assessing how firms have implemented cyber hygiene practices, the findings also show that several firms, particularly smaller ones, did not enforce encryption on devices to protect sensitive data. The most significant finding on the resilience of firms towards cyberattacks shows that at least half did not have a continuous identification and response capability for managing cyber incidents. Although not part of this review, the new remote working protocols established in 2020 also bring new cyber risk vulnerabilities that need to be addressed by the financial services industry.
The report further summarises these key findings and observations together with the DFSA’s expectations and examples of best practices of cyber risk management. It focuses on cyber risk fundamentals which are relevant to each Authorised Firm, regardless of its size and business model.
Chief Executive of the DFSA, Bryan Stirewalt remarked, “Enhancing the cyber resilience of our regulated population is one of our key priorities. Over the past two years, we have steadily increased our supervisory focus on cyber risk. We are constantly engaging with firms in the DIFC to ensure they have sufficient safeguards in place to shield against cyber threats as well as effective processes to respond to and recover from a successful attack.
“Our focus also includes support for the development of industry-level guidance on cyber-risk management practices. These intensified efforts support the UAE Cybersecurity Strategy and the Dubai Cybersecurity Strategy and are designed to strengthen the cybersecurity environment in the DIFC.”
As part of its efforts to strengthen cyber-resilience in the DIFC, the DFSA launched its cyber threat intelligence platform, DFSA TIP, in January 2020. DFSA TIP aims to facilitate the development of a community of information sharing amongst financial services firms.
Source: Emirates News Agency