Financial Crime World

Cybersecurity in Peru’s Financial Sector: A Comprehensive Approach

The Peruvian government has taken a proactive stance on cybersecurity, particularly in the financial sector. The Superintendence of Banking Supervision (SBS) has developed four pillars to ensure that financial institutions have the necessary capabilities to anticipate, understand, and rapidly respond to cyber threats.

Pillar 1: Developing Specific Regulations on Cybersecurity

Aligning with International Frameworks

  • The SBS is studying the Computer Security Incident Response Team (CSIRT) Services Framework to identify its compatibility with their role.
  • They will evaluate the use of the Malware Information Sharing Platform (MISP) for sharing and storing threat intelligence.

Pillar 2: Ensuring Necessary Organizational Structures

Integrating Cybersecurity into Risk Management

  • Financial institutions should integrate their cybersecurity measures into their risk management operations.
  • They need to have an adequate organizational structure, including a specialized information security committee and a multi-disciplinary incident response team.
  • The SBS has a Sectorial Business Continuity Working Group that conducts exercises to prepare for potential cyber attacks.

Pillar 3: Ensuring the Necessary Human Resource Capacity

Providing Ongoing Training in Cybersecurity

  • Financial institutions should provide ongoing training in cybersecurity for all employees.
  • Board of directors are required to provide resources, establish the organization, and define policies on cybersecurity capability developments.
  • The SBS’ information systems and technology supervision teams have been given ongoing training in information security and cybersecurity standards.

Pillar 4: Ensuring the Development of Human Resource Capacity

Addressing the Technical Expertise Shortage

  • Organizational structures and cybersecurity measures are only as good as the personnel tasked with putting them into effect.
  • Peru faces a shortage of technical experts, which highlights the need for considering cybersecurity as a holistic ecosystem.
  • Financial institutions should provide ongoing training in cybersecurity for all employees.

By implementing these four pillars, financial institutions in Peru can ensure that they have the necessary capabilities to anticipate, understand, and rapidly respond to cyber threats.