New guidelines from the Group of 7 (G7) will push financial institutions to design a cyber security strategy and an incident response plan as the risks of cyber attacks mount.
The 8-point framework covers issues such as establishing governance and accountability structures as well as procedures for assessing risk.
It pushes financial entities to establish systematic monitoring protocols, and provides a step-by-step guide for responding to a breach and resuming operations.
The G7 guidelines also suggest that institutions share information in a “timely” fashion with internal and external stakeholders.
Finally, they say that organisations need to regularly review their cyber security practices to update them in response to new threats.
The elements are “non-binding” and apply to both private and public financial institutions. They are also designed to allow public authorities to guide their public policy, regulatory, and supervisory efforts.
Security in the financial sector has come under increased scrutiny since an attack in February using the SWIFT network saw $81m (£56m) stolen from Bangladesh’s central bank. The attackers exploited vulnerabilities in banks’ funds transfer initiation environments before sending the messages over SWIFT.
SWIFT is the primary communications channel for financial institutions engaged in correspondent banking around the world, transmitting messages relating to payments, securities, treasury and trade between financial institutions.
“Increasing in sophistication, frequency, and persistence, cyber risks are growing more dangerous and diverse, threatening to disrupt our interconnected global financial systems and the institutions that operate and support those systems,” said a statement posted on the UK Government’s website.
“The elements serve as the building blocks upon which an entity can design and implement its cybersecurity strategy and operating framework, informed by its approach to risk management and culture. The elements also provide steps in a dynamic process through which the entity can systematically re-evaluate its cybersecurity strategy and framework as the operational and threat environment evolves.”