Financial Crime World

Financial Markets Authority Urges Firms to Improve Cyber-Resilience

The Financial Markets Authority (FMA) is urging all market participants to take steps to improve their cyber-resilience, following a recent survey that revealed a need for improvement in this area.

Survey Results

A survey conducted among 100 participants representing various regulated sectors found that many firms are not adequately addressing the NIST cybersecurity framework’s Identify, Protect, Detect, Respond, and Recover functions. Among the results:

  • Only 29% of respondents reported fully implementing the Identify function
  • Just 4% said they were completely following the Recover function

Call to Action

The FMA is urging firms to make use of a recognized cybersecurity framework to plan, prioritize, and manage their cyber-resilience. While the authority does not require the use of any particular framework, it recommends using the National Institute of Standards and Technology’s (NIST) freely available resources, which can be applied to firms of all sizes.

“We want to see firms take a proactive approach to managing their cybersecurity risks,” said [FMA spokesperson]. “The NIST framework is a useful tool for helping organizations understand, manage, and reduce their cybersecurity risks. We encourage all market participants to make use of it.”

Implementing the NIST Framework

The survey also found that many firms are not adequately using the NIST Framework Implementation Tiers to assess their current cyber-resilience activities. The tiers characterize a firm’s practices on a scale running from Partial (Tier 1) through Risk-informed (Tier 2) and Repeatable (Tier 3) to Adaptive (Tier 4).

Firms should consider progressing to higher tiers when this change would reduce cybersecurity risk and be cost-effective, the FMA advised.

“We understand that every organization has unique risks and needs,” said [FMA spokesperson]. “We encourage firms to take a customized approach to implementing the NIST framework and to use the Framework Implementation Tiers as a guide.”

Additional Resources

The FMA is also encouraging firms to seek additional cybersecurity information from various resources, including:

  • The National Institute of Standards and Technology
  • The International Organisation of Securities Commissions (IOSCO)
  • The International Organisation for Standardisation (ISO)

For more information on cyber-resilience in financial services, visit [FMA website].

Contact Information

If you have any questions or would like to learn more about the FMA’s guidelines on cyber-resilience, please contact:

[FMA spokesperson]
Phone: +64 9 300 0400 / +64 4 472 9830
Email: [FMA email]