Strengthening Cybersecurity: Lessons from the Cybersecurity Survey

This technical note and manual (TNM) draws lessons from cybersecurity surveys conducted by the Monetary and Capital Markets Department (MCM) to provide advice to central banks, supervisory authorities and policy makers seeking to strengthen cybersecurity of their financial sectors. The TNM covers various measures adopted by central banks and supervisory authorities, lessons learned from the survey results, and further efforts to be made in strengthening cybersecurity, besides providing references to work by international standard setting bodies. Concerted efforts are needed to (i) develop national and financial sector focused cybersecurity strategies; (ii) build cyber risk regulatory and supervisory capacity; and (iii) address resource constraints. Legal and regulatory clarity regarding supervisory powers; adequate attention by top management; and resource augmentation will help supervisory authorities address existing gaps in these areas. Central banks and supervisory authorities also need to develop processes to better understand the threat landscape on a continuous basis. Capacity needs to be augmented in: (i) conducting cyber exercises and tests; (ii) helping build sector-wide incident response capabilities; and (iii) building cyber maps. In addition, special attention is needed towards establishing and nurturing robust institutional arrangements, in terms of enabling legal provisions to criminalize cyberattacks and establishing Computer Emergency Response Teams and Financial Sector CERTs.