The first internationally agreed guidance on cyber security for the financial industry has been published by two financial markets authorities. The report – Guidance on cyber resilience for financial market infrastructures, developed by the Committee on Payments and Market Infrastructures (CPMI) and the Board of the International Organization of Securities Commissions (IOSCO) – has been developed to address the rising number of increasingly sophisticated cyber attacks against the financial sector.

Benoît Cœuré, chairman of the CPMI, said “cyber resilience is a key priority for the financial industry” and called it a “landmark report”.

The aim of the guidelines is to help the financial markets industry respond to the risk of cyber crime in a internationally coordinated way, by pre-empting cyber attacks, responding rapidly and effectively to them, and achieving faster and safer target recovery objectives if the attacks succeed. It therefore provides authorities with a set of internationally agreed guidelines to support consistent and effective oversight and supervision of FMIs in the area of cyber risk.

Key concepts for tackling cyber crime

The guidelines include the following ideas and aims:

• Sound cyber governance is key. Board and senior management attention is critical to a successful cyber resilience strategy.
• The ability to resume operations quickly and safely after a successful cyber attack is paramount.
• FMIs should make use of good-quality threat intelligence and rigorous testing.
• FMIs should aim to instil a culture of cyber risk awareness and demonstrate ongoing re-evaluation and improvement of their cyber resilience at every level within the organisation.
• Cyber resilience cannot be achieved by an FMI alone; it is a collective endeavour of the whole "ecosystem".